W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: Issue-17, Issue-51 First party obligations

From: David Wainberg <dwainberg@appnexus.com>
Date: Wed, 30 Nov 2011 10:48:52 -0500
Message-ID: <4ED65064.1000701@appnexus.com>
To: Sean Harvey <sharvey@google.com>
CC: Jeffrey Chester <jeff@democraticmedia.org>, JC Cannon <jccannon@microsoft.com>, John Simpson <john@consumerwatchdog.org>, "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
I agree that absent an exception, prior collected data should not be 
used. I think the case that was raised was whether a 1st party should be 
required to reject data from a 3rd party if DNT is on. What I was 
getting at is that the first party will have no way of knowing if the 
3rd party has an exception to DNT that would allow the data to be 
shared. So either there has to be a mechanism to inform the 1st party, 
or it has to be left to the 3rd party to decide whether or not it can 
share the data. Unless there's something built into the client, either 
way the 1st party is trusting the 3rd party to make the right decision.

On 11/29/11 1:02 PM, Sean Harvey wrote:
> I defer to the group on this, but my own thinking was originally as 
> follows:
> If I visited a shopping site for a pair of shoes, decided against the 
> purchase in favor of something else and then became annoyed with 
> retargeted ads offering that same pair of shoes to me on other 
> locations across the web, my setting of DNT (in my mind at least) 
> should not allow the retargeting network to continue hitting me with 
> more retargeted ads for that same pair of shoes because it was 
> previously "collected with consent".
> again, this is just my opinion. also, if i'm on anyone's holiday 
> shopping list this year, my shoe size is 11...
> On Tue, Nov 29, 2011 at 12:48 PM, David Wainberg 
> <dwainberg@appnexus.com <mailto:dwainberg@appnexus.com>> wrote:
>     Assuming the data was collected with consent for that purpose, why
>     not?
>     On 11/29/11 12:39 PM, Sean Harvey wrote:
>>     to my mind the first party should not be using any third party
>>     data for targeting in a DNT-on context, and I thought that was
>>     stated elsewhere in the email chain, though I can go back and check.
>>     On Tue, Nov 29, 2011 at 12:26 PM, David Wainberg
>>     <dwainberg@appnexus.com <mailto:dwainberg@appnexus.com>> wrote:
>>         This raises an interesting issue with how this is going to
>>         work. If the user engaged DNT after the data was collected,
>>         we probably have consensus that prior collected data should
>>         not be used. However, if the user had DNT at the time the
>>         data was collected, but granted an exception to DNT, the data
>>         is ok to be used. The problem is, how does the 1st party know
>>         the difference? It will fall on the 3rd party to honor the
>>         user's choices, and the 1st party will have to trust them.
>>         On 11/29/11 9:50 AM, Jeffrey Chester wrote:
>>>         If a DNT system is to work, it must address how first party
>>>         sites incorporate third party data and also use ad
>>>         exchanges.  If a user has said they do not want to be
>>>         tracked via a third party data service, such as eXelate,
>>>         BlueKai or Experian (for example) then such user data should
>>>         not be automatically imported or used by the First party
>>>         site.  Sites increasingly mix in-house data with third party
>>>         targeting data.  A user should have reasonable control of
>>>         this process under DNT.
>>>         Jeffrey Chester
>>>         Center for Digital Democracy
>>>         1621 Connecticut Ave, NW, Suite 550
>>>         Washington, DC 20009
>>>         www.democraticmedia.org <http://www.democraticmedia.org>
>>>         On Nov 28, 2011, at 7:59 PM, JC Cannon wrote:
>>>>         John,
>>>>         I believe we are already in agreement that DNT will not
>>>>         apply to 1^st party sites. I understand the need to clarify
>>>>         that 3^rd -party sharing will be limited to certain
>>>>         exceptions, but I donít want to revisit something we have
>>>>         already agreed on.
>>>>         JC
>>>>         Twitter <http://twitter.com/jccannon7>
>>>>         *From:*John Simpson [mailto:john@consumerwatchdog.org]
>>>>         *Sent:*Monday, November 28, 2011 4:47 PM
>>>>         *To:*<public-tracking@w3.org
>>>>         <mailto:public-tracking@w3.org>> (public-tracking@w3.org
>>>>         <mailto:public-tracking@w3.org>)
>>>>         *Subject:*Issue-17, Issue-51 First party obligations
>>>>         Colleagues,
>>>>         I've been thinking a bit more about the idea of "1st Party"
>>>>         obligations if we use the frame of a 1st Party and 3rd
>>>>         Party distinction.  It seems clear to me that there is
>>>>         consensus that the 1st Party must not share data (some will
>>>>         say there are exceptions) with a 3rd party when DNT is enabled.
>>>>         It does seem to me there are further obligations.  When I
>>>>         go to a 1st party  site and interact with it, I assume it
>>>>         is using my information for that transaction.  If I
>>>>         have DNT enabled, I don't have ANY expectation that it will
>>>>         continue to use that information beyond that transaction.
>>>>          The site should ask me if it can continue to store the
>>>>         information and use it beyond that specific visit to the site.
>>>>         In other words from my perspective as a user, a 1st Party
>>>>         site should treat me as if I had cleared all my cookies the
>>>>         next time I visit the site if I have DNT enabled.
>>>>         When DNT is enabled, a 1st party should treat each session
>>>>         with a user as an entirely new session unless it has been
>>>>         given permission to store his information and use it again.
>>>>         73s,
>>>>         John
>>>>         ----------
>>>>         John M. Simpson
>>>>         Consumer Advocate
>>>>         Consumer Watchdog
>>>>         1750 Ocean Park Blvd. ,Suite 200
>>>>         Santa Monica, CA,90405
>>>>         Tel: 310-392-7041 <tel:310-392-7041>
>>>>         Cell: 310-292-1902 <tel:310-292-1902>
>>>>         www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
>>>>         john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>>     -- 
>>     Sean Harvey
>>     Business Product Manager
>>     Google, Inc.
>>     212-381-5330 <tel:212-381-5330>
>>     sharvey@google.com <mailto:sharvey@google.com>
> -- 
> Sean Harvey
> Business Product Manager
> Google, Inc.
> 212-381-5330
> sharvey@google.com <mailto:sharvey@google.com>
Received on Wednesday, 30 November 2011 15:49:20 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC