
RE: potential requirement/guidelines on acceptable Purpose / Category combinations

From: Dobbs, Brooks <bdobbs@doubleclick.net>
Date: Mon, 19 May 2003 14:25:42 -0400
Message-ID: <D464F551A951ED4E804B9713B519E6C90AABC4@NYC-EX101.doubleclick.net>
To: "'Humphrey, Jack'" <JHumphrey@coremetrics.com>, public-p3p-spec@w3.org

I think the example Jack raises is exactly what I am trying to get at.  If a
cookie value is set to a consumer loyalty card # for company XYZ and company
XYZ has a CRM database with name, address, phone and email tied to the
loyalty number, the correct disclosure (IMHO) is NOT UNI but rather PHY, UNI
and ONL (so far as categories are concerned).  Again if we are talking about
"linked to" - isn't a loyalty card # almost by definition the linking
element within a CRM? 

What this all boils down to is, if the data collector declares a purpose
that requires identity, then they obviously HAVE the identity.  If you claim
that you are going to telemarket to me, you have my phone number.  I think
that it is now generally understood that the actual phone number won't be
stored as the clear text value within the cookie but rather referenced
through a UNI value of the cookie.  To the data subject it doesn't matter if
you reference using phone #, loyalty #, credit card # or a SSN so long as
the intent or the data construct is to use the value to reference other data
(though clearly for some of these you may need to go past simply UNI even for
the reference string itself).

The purpose of the analysis is to propose possible guidelines on UAs to take
some form of action on impossible or incorrect policies (likely treatment as
though there were no policy).

-Brooks


Brooks Dobbs
Director of Privacy Technology
DoubleClick, Inc.

office: 404.836.0525
fax: 404.836.0521
email: bdobbs@doubleclick.net


-----Original Message-----
From: Humphrey, Jack [mailto:JHumphrey@coremetrics.com]
Sent: Monday, May 19, 2003 1:22 PM
To: 'Dobbs, Brooks'; public-p3p-spec@w3.org
Subject: RE: potential requirement/guidelines on acceptable Purpose /
Category combinations


Brooks,

FWIW, I can think of counter-examples for IVA/IVD. On a retail site, you
might enter a customer loyalty ID from a card given to you at a physical
store, which would then be stored in or linked to a cookie. I don't think
that ID belongs to any of the categories you listed, but it could be used on
the back-end for IVA/IVD purposes.

I wasn't on the UA call, so I'm curious -- what's the purpose of this
analysis?

Jack Humphrey
Development Manager, Coremetrics

-----Original Message-----
From: Dobbs, Brooks [mailto:bdobbs@doubleclick.net]
Sent: Friday, May 16, 2003 12:52 PM
To: public-p3p-spec@w3.org
Subject: UA: potential requirement/guidelines on acceptable Purpose /
Category combinations



For once I actually did something sooner rather than later.

I am attaching a useful quote from the spec and then some thoughts on
categories that should IMHO be required given certain declared purposes.
The thought being, to achieve X purpose, at least Y data is required.

P3P Spec 1.0 2.3.2.7 The COOKIE-INCLUDE and COOKIE-EXCLUDE elements
A cookie policy MUST cover any data (within the scope of P3P) that is stored
in that cookie or linked via that cookie. It MUST also reference all
purposes associated with data stored in that cookie or enabled by that
cookie. In addition, any data/purpose stored or linked via a cookie MUST
also be put in the cookie policy.

It therefore follows that if you declare any of the following purposes that
deal in identified individuals you would need to have (either directly or
linked via that cookie) one of the listed categories:

Individual-Analysis, IVA:  Information may be used to determine the habits,
interests, or other characteristics of individuals and combine it with
identified data for the purpose of research, analysis and reporting. For
example, an online Web site for a physical store may wish to analyze how
online shoppers make offline purchases.
	*	Physical
	*	Online
	*	Financial
	*	Purchase
	*	Government
	RATIONALE: This purpose requires "identified data".  While it is
possible to have other categories associated with an identified subject, the
actual identification is impossible without a data element associated with
one or more of the above categories.

Individual-Decision, IVD: Information may be used to determine the habits,
interests, or other characteristics of individuals and combine it with
identified data to make a decision that directly affects that individual.
For example, an online store suggests items a visitor may wish to purchase
based on items he has purchased during previous visits to the Web site.
	*	Physical
	*	Online
	*	Financial
	*	Purchase
	*	Government
	RATIONALE: This purpose requires "identified data".  While it is
possible to have other categories associated with an identified subject, the
actual identification is impossible without a data element associated with
one or more of the above categories.

Contact, CON: Contacting Visitors for Marketing of Services or Products:
Information may be used to contact the individual, through a communications
channel other than voice telephone, for the promotion of a product or
service. This includes notifying visitors about updates to the Web site.
This does not include a direct reply to a question or comment or customer
service for a single transaction -- in those cases, would be used. In
addition, this does not include marketing via customized Web content or
banner advertisements embedded in sites the user is visiting -- these cases
would be covered by the , and , or and purposes.
	*	Physical
	*	Online
	RATIONALE:  Logic dictates that to contact an individual the
initiator of the contact would possess a data element identifying the
individual in a place where he or she would be contacted - either the online
or offline worlds.  This would presuppose elements contained by one of the
above categories. 

Telemarketing, TEL: Contacting Visitors for Marketing of Services or
Products Via Telephone: Information may be used to contact the individual
via a voice telephone call for promotion of a product or service. This does
not include a direct reply to a question or comment or customer service for
a single transaction -- in those cases, would be used.
	*	Physical
RATIONALE:   Again logic dictates that if you are going to contact someone
via telephone, you at least have a data element that contains phone numbers.
These data elements should all be within the Physical category.

Thoughts?



Brooks Dobbs
Director of Privacy Technology
DoubleClick, Inc.

office: 404.836.0525
fax: 404.836.0521
email: bdobbs@doubleclick.net
Received on Monday, 19 May 2003 14:25:50 EDT
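
The user-agent check proposed in this thread, sketched as an added example (it is not part of the original messages, the P3P specification, or any shipping user agent). The purpose-to-category table is the proposal from the 16 May message; the function names and the sample header values are constructed for illustration.

```python
import re

# Proposal from the thread: purpose -> categories, at least one of which must
# be declared. Tokens are the P3P 1.0 compact-policy spellings.
REQUIRED_ANY = {
    "IVA": {"PHY", "ONL", "FIN", "PUR", "GOV"},
    "IVD": {"PHY", "ONL", "FIN", "PUR", "GOV"},
    "CON": {"PHY", "ONL"},
    "TEL": {"PHY"},
}
CATEGORIES = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
              "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
# Compact purposes may carry an a/i/o consent suffix, e.g. "CONi".
PURPOSE_RE = re.compile(r"^(IVA|IVD|CON|TEL)[aio]?$")


def parse_compact_policy(header_value):
    """Return the tokens of the CP="..." part of a P3P header value."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value, re.IGNORECASE)
    return m.group(1).split() if m else []


def inconsistent_purposes(tokens):
    """Map each declared purpose to its unmet 'needs one of' category set."""
    declared = set(tokens) & CATEGORIES
    problems = {}
    for tok in tokens:
        m = PURPOSE_RE.match(tok)
        if m and not (REQUIRED_ANY[m.group(1)] & declared):
            problems[m.group(1)] = REQUIRED_ANY[m.group(1)]
    return problems


def treat_as_no_policy(header_value):
    """Reply's suggested handling: an impossible policy counts as no policy."""
    tokens = parse_compact_policy(header_value)
    return not tokens or bool(inconsistent_purposes(tokens))


if __name__ == "__main__":
    # Constructed headers: the loyalty-card cookie declared as UNI only,
    # then with the PHY, UNI and ONL disclosure argued for in the reply.
    for hdr in ('CP="IVAa IVDa UNI"', 'CP="IVAa IVDa PHY UNI ONL"',
                'policyref="/w3c/p3p.xml", CP="TEL ONL NAV"'):
        print(hdr, "->", sorted(inconsistent_purposes(parse_compact_policy(hdr))),
              "no-policy" if treat_as_no_policy(hdr) else "accept")
```
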
