Re: Summary of First Party vs. Third Party Tests

From: John Simpson <john@consumerwatchdog.org>
Date: Tue, 1 Nov 2011 15:37:18 -0700
Message-Id: <491D17A0-51DA-42AF-BC7D-B4A3E6638DBC@consumerwatchdog.org>
Cc: public-tracking@w3.org, Jonathan Mayer <jmayer@stanford.edu>
To: Rigo Wenning <rigo@w3.org>

Can you please give us some examples of what the toned-down compliance requirements for all would be? I too worry that with a first-party/third-party distinction there is a real danger that everyone will be a first party very quickly.

However, cutting back on the compliance requirements, it seems to me, runs the very real risk of making DNT essentially meaningless.


On Nov 1, 2011, at 3:10 PM, Rigo Wenning wrote:

> Add one minority opinion that says that the distinction between first and 
> third parties is too complex. This mixes technical and legal considerations 
> into an indigestible brew. It will make implementation on the service side 
> too complex. It will create risk and ambiguity. 
> I would rather tone down the compliance requirements for all and not 
> distinguish between first and third parties to avoid the difficult 
> distinctions. (I can generate a number of challenging distinctions on demand)
> I also believe that this will create a race into being a first party and that 
> every ambiguity will be used to become a first party. At the end of the day, 
> everybody will be a first party by contract or other virtue.
> Best,
> Rigo
> On Friday 28 October 2011 22:11:24 Jonathan Mayer wrote:
>> (ACTION-25)
>> As I understand it, there are four camps on how to distinguish between first
>> parties and third parties.
>> 1) Domain names (e.g. public suffix + 1).
>> 2) Legal business relationships (e.g. corporate ownership + affiliates).
>> 3) Branding.
>> 4) User expectations.
>> Here are some examples that show the boundaries of these definitions.
>> Example: The user visits Example Website at example.com.  Example Website
>> embeds content from examplestatic.com, a domain controlled by Example
>> Website and used to host static content.
>> Discussion: Content from the examplestatic.com domain is first-party under
>> every test save the first.
>> Example: Example Website (example.com) strikes a deal with Example Affiliate
>> (affiliate.com), an otherwise unrelated company, to share user data.  The
>> user visits Example Website, and it embeds content from Example Affiliate.
>> Discussion: Content from Example Affiliate is third-party under every test
>> save the second.
>> Example: Example Website embeds a widget from Example Social Aggregator. 
>> The widget includes a prominent logo for Example Social Aggregator, though
>> a user is unlikely to recognize it.
>> Discussion: Content from Example Social Aggregator is third-party under
>> every test save the third.

John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd., Suite 200
Santa Monica, CA 90405
Tel: 310-392-7041
Cell: 310-292-1902
Received on Tuesday, 1 November 2011 22:40:15 UTC
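
Added example, not part of the archived messages: a sketch of the first test in the quoted summary ("public suffix + 1"), applied to the example.com / examplestatic.com / affiliate.com cases discussed there. The suffix set is a small constructed stand-in for the real Public Suffix List, the function names are hypothetical, and the subdomain and .co.uk hostnames are constructed.

```javascript
// Constructed stand-in for the Public Suffix List (assumption: a real check
// would load the full list; these four entries only serve the demo).
const SUFFIXES = new Set(["com", "org", "uk", "co.uk"]);

// Return the registrable domain (public suffix + 1 label), or null when the
// host is itself a public suffix or ends in no known suffix.
function registrableDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  // Candidates run from the whole host down to the last label, so the
  // longest matching suffix (co.uk before uk) is found first.
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (SUFFIXES.has(candidate)) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// Classify an embedded resource against the site the user visited, using
// only the domain-name test (no ownership, branding or expectation input).
function partyByDomain(pageHost, resourceHost) {
  const page = registrableDomain(pageHost);
  const resource = registrableDomain(resourceHost);
  if (page === null || resource === null) return "unknown";
  return page === resource ? "first-party" : "third-party";
}

// Cases from the quoted summary, plus constructed subdomain cases.
const cases = [
  ["example.com", "examplestatic.com"],     // same owner, different domain
  ["example.com", "affiliate.com"],         // data-sharing partner
  ["www.example.com", "static.example.com"],
  ["a.example.co.uk", "b.other.co.uk"],
];
for (const [page, resource] of cases) {
  console.log(`${page} <- ${resource}: ${partyByDomain(page, resource)}`);
}
```

The domain test labels examplestatic.com third-party even though Example Website controls it, which matches the "first-party under every test save the first" discussion in the quoted summary.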