W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: "cross-site"

From: Ed Felten <ed@felten.com>
Date: Fri, 18 Nov 2011 06:04:29 -0500
Message-ID: <CANZBoGh9bnWJ3WEexp6szNSFtr1hezgN0nPo7j3HpuMAJAqN3g@mail.gmail.com>
To: Mike Zaneis <mike@iab.net>
Cc: "<public-tracking@w3.org>" <public-tracking@w3.org>
Mike,

Just to be clear, are you saying that the DAA Principles documents
allow first parties to share data arbitrarily with third parties,
regardless of user opt-out?

On Fri, Nov 18, 2011 at 12:28 AM, Mike Zaneis <mike@iab.net> wrote:
> Sorry Jeff and John, but the FTC and industry are on record with this issue.
> Below are my original statements, none of which have been rebuked by the
> FTC:
> "I have to agree with Shane that first parties are outside of the scope of
> the DNT proposal.  In the U.S. this has been widely agreed too, with the
> Federal Trade Commission stating that:
>
> "The (OBA Privacy) report concludes that fewer privacy concerns may be
> associated with "first-party" and "contextual" advertising than with other
> behavioral advertising, and concludes that it is not necessary to include
> such advertising within the scope of the principles."
>  http://www.ftc.gov/opa/2009/02/behavad.shtm.
>
> While I understand that this is meant to be a global document, U.S.
> companies operate under the assumption that they are not covered by third
> party requirements, which raise more consumer concerns.
>
> Furthermore, it seems that making non-binding policy statements as to what
> first parties "could" or "should" do is not within scope of the W3C mission
> nor this particular document.
>
> It is unlikely that first parties would adhere to restrictions that they
> have been told should not affect them and thus inclusion of such provisions
> would diminish adoption of any W3C standard and would subject companies that
> are outside of the scope of this document to unnecessary and unjustified
> public scrutiny."
> Mike Zaneis
> SVP & General Counsel, IAB
> (202) 253-1466
> On Nov 17, 2011, at 10:08 PM, "Jeffrey Chester" <jeffreychester@me.com>
> wrote:
>
> The ftc's position on first and third parties is evolving, I believe.  We
> have provided them with evidence that the distinctions  between first and
> third parties has eroded because of real time bidding and other data
> integration practices embraced by online publishing. As First parties import
> outside data for user targeting from many sources simultaneously, a user's
> decision regarding DNT for such provider partner sites could be ignored, I
> fear.
>
> Jeff Chester
> Center for Digital Democracy
> Washington DC
> www.democraticmedia.org
> Jeff@democraticmedia.org
> On Nov 17, 2011, at 4:31 PM, John Simpson <john@consumerwatchdog.org> wrote:
>
> Mike,
> The FTC hasn't taken a position on this.  That only happens when the
> commissioners vote and they have not.  I think what you're doing is
> predicting what you think a majority would say if they voted.
> Best,
> John
> On Nov 17, 2011, at 12:28 PM, Mike Zaneis wrote:
>
> This is where there is a fundamental split amongst the parties. We had a
> discussion several weeks ago about the first party obligations and I pointed
> out that IAB and my member companies generally support the U.S. FTC position
> that consumers don't expect first parties to be subject to such
> restrictions.  Those positions have not changed.
>
> Mike Zaneis
> SVP & General Counsel, IAB
> (202) 253-1466
> On Nov 17, 2011, at 2:56 PM, "John Simpson" <john@consumerwatchdog.org>
> wrote:
>
> Shane,
> I don't understand why we would say that a 1st party most likely will not be
> subject to the DNT signal.  If we continue to use the 1st party/ 3rd party
> distinction, it will likely (almost certainly) have different and probably
> fewer obligations than a third party. It should still be subject to the
> signal.
> As a user I want the 1st party site to know that I have DNT configured.  As
> a 1st party site operator I want to know a visitor has configured DNT and is
> sending me the signal.  There will be some "musts", ie not sharing data from
> a DNT configured user with 3rd parties, but if I am a responsible site
> operator I may chose to go further in honoring the DNT request.  For
> instance I might chose to not even include the visitor in my analytics. I
> need to know if  DNT is configured and the way this happens is by being
> subject to the DNT signal.
> The obligations are different, but its important that we think of all sites
> being subject to the DNT signal, once it is configured in the browser.
>
> 73s,
> John
> On Nov 17, 2011, at 7:22 AM, Shane Wiley wrote:
>
> Karl,
>
> This statement is an attempt to remove the concern that a 1st party, which
> will mostly likely not be subject to the DNT signal, does not have a
> backdoor opportunity to pass user data directly to a 3rd party (aka -
> closing a loop-hole).  3rd parties present on the 1st party's web site
> should honor the DNT signal directly.
>
> - Shane
>
> -----Original Message-----
> From: Karl Dubost [mailto:karld@opera.com]
> Sent: Thursday, November 17, 2011 5:40 AM
> To: Shane Wiley
> Cc: John Simpson; Jules Polonetsky; Nicholas Doty; Roy T. Fielding; Mark
> Nottingham; <public-tracking@w3.org>
> Subject: Re: "cross-site"
>
>
> Le 16 nov. 2011 à 23:30, Shane Wiley a écrit :
>
> Alter statement to read "First parties must NOT share user specific data
> with 3rd parties for those user who send the DNT signal and have not granted
> a site-specific exception to the 1st party."  This will leave room for
> sharing with Agents/Service Providers/Vendors to the 1st party -- as well as
> sharing aggregate and anonymous data with "others" (general reporting, for
> example).
>
> I guess you mean
> s/DNT signal/DNT:1 signal"
>
> Trying to understand what you are saying.
>
> 1. User sends DNT:1 to a website with domain name www.example.org
> 2. www.example.org collects data about the user
>   (IP address and categories of pages the user visits)
> 3. Company Acme Hosting Inc. (a 3rd party) has access to these
>   data NOT through the Web but through an access to the logs file.
>
>
> What is happening?
>
>
> --
> Karl Dubost - http://dev.opera.com/
> Developer Relations & Tools, Opera Software
>
>
>
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 1750 Ocean Park Blvd. ,Suite 200
> Santa Monica, CA,90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
>
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 1750 Ocean Park Blvd. ,Suite 200
> Santa Monica, CA,90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
>
Received on Friday, 18 November 2011 11:05:18 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:22 UTC