W3C home > Mailing lists > Public > public-tracking-international@w3.org > March 2013

Re: Agenda: Global considerations F2F meeting 11-12 Berlin

From: Vinay Goel <vigoel@adobe.com>
Date: Wed, 6 Mar 2013 06:57:36 -0800
To: Rigo Wenning <rigo@w3.org>
CC: David Wainberg <david@networkadvertising.org>, Haakon Bratsberg <haakonfb@opera.com>, "public-tracking-international@w3.org" <public-tracking-international@w3.org>
Message-ID: <658DF5A6-C516-49A1-9C12-61C2E7E80669@adobe.com>
Hi Rigo,

I don't think your statement "So everybody has to behave like a 3rd party in DNT" is how it will play out.

I don't expect most global companies to modify its web servers, analytics practices, and onsite optimization services so that it will treat itself as a first party on www.company.com, www.company.ch, etc., but treat itself as a third party on www.company.uk.  It will not be easy for a company to programmatically treat itself as a 3rd party for its EU websites; especially when the site is www.company.com/uk.  For global companies that set global policies and need consistent systems/approaches/privacy policies across the globe, I expect them to treat the DNT signal the same regardless of market; and those global companies will do whatever they need to do outside of DNT for legal compliance.  

I can't speak for other global companies, but I can speak for how Adobe is considering its global compliance obligations.

I still think a fair discussion at the Global Considerations workshop is how companies actually plan to implement this globally.

-Vinay

On Mar 5, 2013, at 10:04 AM, Rigo Wenning <rigo@w3.org> wrote:

> Vinay, 
> 
> 
> On Tuesday 05 March 2013 08:46:53 Vinay Goel wrote:
>> Perhaps I'm missing something here, but unless we change what a
>> website can no longer do when it receives DNT:1 (ie. first party
>> analytics and/or first party customization), isn't DNT only part of
>> the solution to handle the restrictions of the ePrivacy Directive?  
> 
> One of the things that is already clear is that the 1st party/ 3rd party 
> distinction doesn't work for Europe. So everybody has to behave like a 
> 3rd party in DNT
> 
>> I
>> don't understand how DNT removes the entire need for websites to do
>> window shades/other consent mechanisms for the use of cookies.  
> 
> This works via the Whereas 66 in the ePrivacy Directive:
> Where it is technically possible and effective, in accordance with the 
> relevant provisions of Directive 95/46/EC, the userís consent to 
> processing may be expressed by using the appropriate settings of a 
> browser or other application.
> 
> Window shades are soooo ugly. We can get rid of them. 
> 
>> I
>> think we should discuss in the Berlin workshop what compliance looks
>> like for websites; and whether DNT is enough to comply with the
>> ePrivacy Directive.
> 
> That's the plan. The plan is to have DNT:1 as an implementation guide 
> for conformance and DNT:0 as a way to open up and do 
> business/personalization etc.
>> 
>> Am I missing an interpretation/analysis that DNT (as currently drafted
>> to not restrict 1st party analytics/customization) could equal
>> compliance with the ePrivacy directive?
> 
> again, 3rd party cross-site only comes from a requirement from the FTC 
> that isn't viable in Europe. Once you remove that distinction, 
> everything works fine so far IMHO. This is one of the things to discuss. 
> 
> --Rigo
Received on Wednesday, 6 March 2013 14:58:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:40:17 UTC