W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: Proposed definition of 1st parties

From: Jeffrey Chester <jeff@democraticmedia.org>
Date: Fri, 28 Oct 2011 11:49:09 -0400
Cc: Matthias Schunter <mts@zurich.ibm.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-id: <8FCC46A8-372B-4210-B149-92DD443BC254@democraticmedia.org>
To: Shane Wiley <wileys@yahoo-inc.com>
Thanks.  I am glad there is agreement on this point.  It would seem though that first party sites would have to ensure, through its privacy policy, that it would never provide such data to any third parties (short of a court order, etc), once the user transmits a DNT track signal.  Will that be clarified in the proposed DNT standard.  

On Oct 28, 2011, at 11:40 AM, Shane Wiley wrote:

> Jeff,
> 
> For the most part I believe there is agreement on the stance you provide below.  Once a 1st party receives the DNT signal from a user they should no longer share historical or real-time information about that user's web activity with a 3rd party (with the exception where a 3rd party is working solely on the behalf of the 1st party and will not have an independent right to use this data elsewhere - for example, a 3rd party web analytics provider that silos each customer's site analytics).  
> 
> - Shane
> 
> Shane Wiley
> VP, Privacy & Data Governance
> Yahoo!
> 
> -----Original Message-----
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] 
> Sent: Wednesday, October 26, 2011 10:48 AM
> To: Matthias Schunter
> Cc: public-tracking@w3.org
> Subject: Re: Proposed definition of 1st parties
> 
> Apologies for entering the conversation late, and for being uninformed about the original definition.
> 
> Given that today most major first party sites have contracts with third parties--including data providers--so they can incorporate outside profiling data on their users for internal targeting (and also perhaps sell it on exchanges and through other brokers) shouldn't users be assured [via the definition] that no exchange of data is occurring between the first and third parties?
> 
> 
> 
> 
> On Oct 26, 2011, at 1:25 PM, Matthias Schunter wrote:
> 
>> Hi Folks,
>> 
>> 
>> enclosed is the proposal on a definition of 1st parties as indicated
>> on the call.
>> 
>> An assumption is that FIRST PARTIES and AFFILIATES will later need to
>> satisfy relaxed requirements compared to THIRD PARTIES.
>> 
>> The goals of the def are:
>> - Not to fix the mechanisms.
>> - To put the burden of proof/implementation/mechanism/design
>>  on the parties that want to fall under the exemptions.
>> 
>> 
>> Regards,
>> matthias
>> 
>> 
>> A FIRST PARTY MUST be able to reliably determine that
>> - The user has explicitly visited a web-site of this party
>> - That the user has consciously and willingly interacted with it
>> 
>> An AFFILIATE MUST be able to reliably determine
>> [criteria defined elsewhere: suggestions were
>>  - co-branding
>>  - co-ownership
>>  - same origin...]
>> 
>> All other parties SHOULD be considered THIRD PARTY.
>> 
>> 
>> -- 
>> Dr. Matthias Schunter, MBA
>> IBM Research - Zurich, Switzerland
>> Ph. +41 (44) 724-8329,  schunter(at)acm.org
>> PGP 989A A3ED 21A1 9EF2 B005 8374 BE0E E10D
>> VCard: http://www.schunter.org/schunter.vcf
>> 
>> 
>> 
> 
> 
> 
> 
> 
Received on Friday, 28 October 2011 15:59:58 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:22 UTC