Re: High-level text on third-party responsibilities (ACTION-38, ISSUE-19)

A few design considerations from my version of the high-level rule:

- Do Not Track should address communication with user agents in addition to users since in many (if not most) cases the user will be unaware of and have no explicit interaction with a third party.

- In my view of the key terms, data collection is bits arriving at a third party, data retention is a third party keeping bits, and data use is a third party applying logic to bits.  I think Do Not Track should, at a high level, prohibit all three; each exception should narrowly define a set of permissible collection/retention/use practices.  (We may also want to address data sharing, when a third party hands bits to another party.)

- Exceptions in the high-level rule should be explicitly linked to the subsequent exception definitions.  We might otherwise create ambiguity about the scope of exceptions and, in particular, might suggest there are broad use-based exceptions.

On Dec 7, 2011, at 9:13 AM, Shane Wiley wrote:

> Proposed Update:
> 
> A 3rd party may not collect or use information related to communication with a user outside of supported exceptions.  Supported exceptions are: ....
> 
> - Shane
> 
> -----Original Message-----
> From: Jonathan Mayer [mailto:jmayer@stanford.edu] 
> Sent: Wednesday, December 07, 2011 10:10 AM
> To: <public-tracking@w3.org> (public-tracking@w3.org)
> Subject: High-level text on third-party responsibilities (ACTION-38, ISSUE-19)
> 
> A third party may not collect, retain, or use any information related to communication with a user or user agent.  There are exceptions to this general rule for _____, _____, and _____ as defined in the following sections.
> 
> 

Received on Wednesday, 7 December 2011 18:41:17 UTC