W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

RE: Issue-17, Issue-51 First party obligations

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tue, 29 Nov 2011 13:27:33 -0800
To: Jeffrey Chester <jeff@democraticmedia.org>
CC: JC Cannon <jccannon@microsoft.com>, John Simpson <john@consumerwatchdog.org>, "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D04DBFF2C@SP2-EX07VS02.ds.corp.yahoo.com>

The Ad Exchange is comprised of seat holders (participants) which account for the entirety of the online advertising ecosystem - some of which are DSPs.  Seat holders (participants) on the Exchange enter into Linking Agreements between the parties to do business with one another (buy/sell inventory, for example).  The Exchange itself does not own a DSPs data (or any other participants) nor have the ability to enter into Linking Agreements on any parties behalf - it is simply a technology platform.

This may be too detailed of a conversation to drag the entire working group through so I'd suggest we hold this out as a use case to test DNT against and see if it operates in a manner you'd feel is appropriate.  I suspect it will...  :)

- Shane

From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
Sent: Tuesday, November 29, 2011 4:21 PM
To: Shane Wiley
Cc: JC Cannon; John Simpson; <public-tracking@w3.org> (public-tracking@w3.org)
Subject: Re: Issue-17, Issue-51 First party obligations

Ad exchanges and demand side platforms have access to outside data sets and may in fact be a controller of sorts (via partnership agreements). (Right Media discusses some of this via: http://rightmedia.com/data-providers; and http://rightmedia.com/demand-side-platforms' .  AppNexus: http://www.appnexus.com/ad-networks; OpenX:http://www.openx.com/advertiser/real-time-bidding)

I don't think RTB and related services fit neatly into a service provider model, because their role is to operationalize user tracking/targeting via data integration.  Looking forward to discussion.

Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009

On Nov 29, 2011, at 4:05 PM, Shane Wiley wrote:

I agree with everyone on the chain thus far and believe if we're successful in crafting 1st and 3rd party definitions appropriately, DNT rules should naturally support the "agency/service provider/vendor" model - which is all an Ad Exchange is as it has no data ownership/control of its own (in EU terms - a data processor).  I'm speaking for RightMedia in this case but believe this is true of other Ad Exchanges as well such as AdX and AppNexus.

I suggest we round on this as a use case after we narrow in on the party position definitions to make sure this works as intended.  Fair?

- Shane

From: JC Cannon [mailto:jccannon@microsoft.com]
Sent: Tuesday, November 29, 2011 11:26 AM
To: Jeffrey Chester
Cc: John Simpson; <public-tracking@w3.org<mailto:public-tracking@w3.org>> (public-tracking@w3.org<mailto:public-tracking@w3.org>)
Subject: RE: Issue-17, Issue-51 First party obligations

I agree that those are worthwhile issues to address. I'm just concerned that if we continue to broaden our scope we won't meet our goal of finishing our work by July 2012.


From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
Sent: Tuesday, November 29, 2011 6:51 AM
To: JC Cannon
Cc: John Simpson; <public-tracking@w3.org<mailto:public-tracking@w3.org>> (public-tracking@w3.org<mailto:public-tracking@w3.org>)
Subject: Re: Issue-17, Issue-51 First party obligations

If a DNT system is to work, it must address how first party sites incorporate third party data and also use ad exchanges.  If a user has said they do not want to be tracked via a third party data service, such as eXelate, BlueKai or Experian (for example) then such user data should not be automatically imported or used by the First party site.  Sites increasingly mix in-house data with third party targeting data.  A user should have reasonable control of this process under DNT.

Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009

On Nov 28, 2011, at 7:59 PM, JC Cannon wrote:


I believe we are already in agreement that DNT will not apply to 1st party sites. I understand the need to clarify that 3rd-party sharing will be limited to certain exceptions, but I don't want to revisit something we have already agreed on.


From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Monday, November 28, 2011 4:47 PM
To: <public-tracking@w3.org<mailto:public-tracking@w3.org>> (public-tracking@w3.org<mailto:public-tracking@w3.org>)
Subject: Issue-17, Issue-51 First party obligations


I've been thinking a bit more about the idea of "1st Party" obligations if we use the frame of a 1st Party and 3rd Party distinction.  It seems clear to me that there is consensus that the 1st Party must not share data (some will say there are exceptions) with a 3rd party when DNT is enabled.

It does seem to me there are further obligations.  When I go to a 1st party  site and interact with it, I assume it is using my information for that transaction.  If I
have DNT enabled, I don't have ANY expectation that it will continue to use that information beyond that transaction.  The site should ask me if it can continue to store the information and use it beyond that specific visit to the site.

In other words from my perspective as a user, a 1st Party site should treat me as if I had cleared all my cookies the next time I visit the site if I have DNT enabled.

When DNT is enabled, a 1st party should treat each session with a user as an entirely new session unless it has been given permission to store his information and use it again.

John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
Received on Tuesday, 29 November 2011 21:29:28 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC