- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 20 May 2003 18:50:44 +0200
- To: "Humphrey, Jack" <JHumphrey@coremetrics.com>
- Cc: "'public-p3p-spec@w3.org '" <public-p3p-spec@w3.org>
Jack,

before going down that old path again, think a moment of the difference between collecting information and using information and go away from the compact format mentally.

I collect information. I declare the collection of information. The problem of cookies is that they are used as unique ids that glue a customer profile together.

Now in your example, the site example.com has already nearly all information. Relevant new information collected is the purchase. With the unique id this adds to the profile. The loyalty # is also a unique id that represents all the data that example.com already has, even the phone number that you mention below. In fact, your example has two unique ids: the cookie and the loyalty #.

But what are they going to do with that data? Here we come to purpose. And there, a company might want to attach some purpose to that data, e.g.: "This purchase-info will not be used to contact you".

Another issue is how to enforce that declaration inside a company, and there we go to http://www.w3.org/2003/p3p-ws/

P3P allows a very fine-grained declaration, so fine-grained that one can get lost.

Best,

Rigo

On Tue, May 20, 2003 at 07:35:18AM -0500, Humphrey, Jack wrote:

> But I don't think the user agent could allow you to express #1 but not #2
> (say you don't mind telemarketing and online contact). Then if the loyalty #
> was being collected for telemarketing, the policy would have to include PHY
> in addition to UNI and TEL, and the user agent couldn't allow the cookie,
> even though it doesn't violate the expressed preferences, because it
> couldn't distinguish that the cookie doesn't contain a phone number. That
> troubles me, but it's something of an orthogonal issue to the points you
> raise.

Received on Tuesday, 20 May 2003 12:50:54 UTC