Updated response to Aleecia's Template, Issue-10, Issue-17, Issue-19, Issue-22, Issue-24, Issue-25, Issue-31, Issue-49, Issue-73

Colleagues,

I have updated my draft text to include language about permitted uses. Apologies for the delay. It's attached as an RTF document and is in the body of this email below. It is meant to deal with:
	Issue-10, What is a first party?
	Issue-17, Data use by 1st Party
	Issue-19, Data collection / Data use (3rd party)
	Issue-22, Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.)
	Issue-24, Possible exemption for fraud detection and defense
	Issue-25, Possible exemption for research purposes
	Issue-31, Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions)
	Issue-49, Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party?
	Issue-73, In order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract
I look forward to fruitful discussions in Washington.
Regards,
John
------------

Contributors to this proposal:  John M. Simpson

Part I: Parties

	A.  A "party" is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person, that an ordinary user would perceive to be a discrete entity for purposes of information collection and sharing.  A party MAY also include affiliates if the affiliates are commonly owned and controlled, and the relationship is clear to consumers through common branding. A party MUST NOT include more than five affiliates.

		Example 0: If a user visits flickr.com, which is branded "from Yahoo!", are Flickr and Yahoo one party? Yes.
		Example 1: If a user visits google.com, are other parts of Google, Inc. (adwords, analytics, YouTube, gmail, Google Maps) also the same party as google.com? Yes.
		Example 2: If a user visits geico.com, is See's Candies also the same party? No.
		Example 3: If Mozilla and Opera form a jointly-owned and controlled company called Moperilla, and a user visits Moperilla, are Mozilla and Opera part of the same party as Moperilla? No.

	B. A "first party" is any party, in a specific network interaction, that can infer with high probability that the user knowingly and intentionally communicated with it.  Otherwise, a party is a "third party."  If a party cannot infer with a high degree of probability that it is a "first party," it MUST behave as a third party.

		To comply with DNT, a first party MUST NOT share data with a third party, outside of permitted uses as defined in this standard or specific user-granted exceptions.
		To comply with DNT, a first party MAY take additional privacy enhancing steps, such as treating each session with a user as an entirely new session unless it has been given permission to store her information and use it again.

	C. A "third party" is any party, in a specific network interaction, that cannot infer with high probability that the user knowingly and intentionally communicated with it.  If a party does not know its status, it MUST behave as a third party.

		To comply with DNT, if the operator of a third-party domain receives a communication to which a [DNT:1] header is attached:
			that operator MUST NOT collect, share, or use information related to that communication outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard;
			that operator MUST NOT use information about previous communications in which the operator was a third party, outside of the explicitly expressed permitted uses as defined within this standard;
			that operator MUST NOT retain information about previous communications in which the operator was a third party, outside of the explicitly expressed permitted uses as defined within this standard;
			that operator MUST NOT use information associated with the user agent that was gathered and stored when the operator was acting as a first party.

	D. A third party acting as a first party (as an agent) MUST be under contract to provide a specific service for the first party.

		To comply with DNT, a third party acting as a first party MUST NOT combine any data obtained from the first party to perform the contracted service with any other data.
		To comply with DNT, a third party acting as a first party MUST retain the data only as long as necessary to perform the contracted service for the first party.
		To comply with DNT, a third party acting as a first party MUST NOT collect data that could be combined across first parties.

Part II: Business uses /* or whatever we wind up calling this -- feel free to suggest something different */

I suggest we simply call this "permitted uses."

	Note: unless you specifically document otherwise, this section is understood to ONLY APPLY TO THIRD PARTIES.

I agree this section applies to third parties.

	For each of the seven potential business uses below, please indicate if:
		A. this particular use is never allowed under DNT
		B. this particular use is allowed as long as data is "unlinkable" as described in section 0
		C. this particular use is allowed with retention limits (describe)
		D. this particular use is allowed with aggregation (describe)
		E. this particular use is allowed (describe any other limitations that apply)

	As needed, feel free to define and scope the potential business uses.

	0.  Any use is allowed that uses only unlinkable, aggregated data.  Unlinkable data is data that has been de-identified by removing the IP address or persistent device ID.  There must be a public commitment not to re-identify the data and a contractual prohibition preventing downstream recipients from trying to re-identify the data.

	1. Frequency Capping - A form of historical tracking to ensure the number of times a user sees the same ad is kept to a minimum.

	A. This use is not allowed when DNT is enabled.

	2. Financial Logging - Ad impression and click (and sometimes conversion) events are tied to financial transactions (this is how online advertising is billed) and therefore must be collected and stored for billing and auditing purposes.

	C. This use is allowed, but the data MUST be retained only as long as is reasonably necessary to fulfill billing and auditing purposes. Data gathered under this permitted use MUST NOT be used for any other purpose.

	3. 3rd Party Auditing - Online advertising is a billed event and there are concerns with accuracy in impression counting and quality of placement so 3rd party auditors provide an independent reporting service to advertisers and agencies so they can compare reporting for accuracy.

	C. This use is allowed, but the data MUST be retained only as long as is reasonably necessary to fulfill auditing purposes. Data gathered under this permitted use MUST NOT be used for any other purpose.

	4. Security - From traditional security attacks to more elaborate fraudulent activity, ad networks must have the ability to log data about suspected bad actors to discern and filter their activities from legitimate transactions. This information is sometimes shared across 3rd parties in cooperatives to help reduce the daisy-chain effect of attacks across the ad ecosystem.

	C. Data MAY be collected and shared to the extent reasonably necessary to prevent fraud, when there are reasonable grounds to suspect fraudulent activity.  Data gathered under this permitted use MUST be retained only as long as necessary for that purpose and MUST NOT be used for any other purpose.

	5. Contextual Content or Ad Serving: A third party may collect and use information contained within the user agent string (including IP address and referrer URL) to deliver content customized to that information.

	E. This use is allowed when DNT is enabled so long as data is not retained beyond the immediate transaction.

	6. Research / Market Analytics

	D. This use is allowed when the data is aggregated and not linked to any user.

	7. Product Improvement, or, more narrowly, Debugging

	D. This is allowed when the data is aggregated and not linked to any user.

---------
John M. Simpson
Privacy Project Director
Consumer Watchdog
1750 Ocean Park Blvd., Suite 200
Santa Monica, CA 90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org

Received on Saturday, 7 April 2012 19:01:07 UTC