
Re: Issue-17, Issue-51 First party obligations

From: Roy T. Fielding <fielding@gbiv.com>
Date: Mon, 28 Nov 2011 16:54:18 -0800
Cc: "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <DA302EFB-4BAF-441C-AFD0-36D735E59817@gbiv.com>
To: John Simpson <john@consumerwatchdog.org>

On Nov 28, 2011, at 4:46 PM, John Simpson wrote:

> Colleagues,
> 
> I've been thinking a bit more about the idea of "1st Party" obligations if we use the frame of a 1st Party and 3rd Party distinction.  It seems clear to me that there is consensus that the 1st Party must not share data (some will say there are exceptions) with a 3rd party when DNT is enabled.
> 
> It does seem to me there are further obligations.  When I go to a 1st party site and interact with it, I assume it is using my information for that transaction.  If I have DNT enabled, I don't have ANY expectation that it will continue to use that information beyond that transaction.  The site should ask me if it can continue to store the information and use it beyond that specific visit to the site.
> 
> In other words from my perspective as a user, a 1st Party site should treat me as if I had cleared all my cookies the next time I visit the site if I have DNT enabled.

No, if a user wants that feature then they can turn on private browsing.
DNT is orthogonal to private browsing.

....Roy
Received on Tuesday, 29 November 2011 00:54:51 UTC
