W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: ACTION-69: Renaming ISSUE-54

From: Justin Brookman <justin@cdt.org>
Date: Wed, 08 Feb 2012 10:16:06 -0500
Message-ID: <4F3291B6.5060405@cdt.org>
To: public-tracking@w3.org
I think Sean's restatement of the issue is a bit ambiguous.  The key 
question is not whether a first party can alter its own websites and 
advertising on those sites based on data it collected as a first party.  
It's about whether they can then leverage that data when they're in a 
third-party environment.

I was tasked with writing up language on this in Brussels, but upon 
reflection, my vision is already allowed for in the text:  a third-party 
may customize content or advertising on other sites based on data it had 
collected as a first-party.  Thus, Yahoo! can serve ads on the New York 
Times based on what I had done on the Yahoo! site (or registration 
information I had provided to Yahoo!) and Facebook can tell me what my 
friends like in a social widget when I go to the WashingtonPost.com --- 
as long as neither collects the fact that I went to NYT or WaPo (apart 
from exceptions like ad reporting, fraud, analytics) and certainly does 
not add that information to a profile about me.  The language in the 
draft currently allows for this.  However, I will try to put together 
some non-normative language on this today to make it clear.  I have 
heard the argument that this unduly favors first-party sites who have a 
lot of user data, but I also think the privacy implications are 
dramatically reduced when ads are influenced based on data that a party 
already has about you.

Shane, you had seemed to disagree with this idea in Brussels, so if you 
want to put forward a countersuggestion that's fine.  Alternatively, Tom 
had disagreed on one of the calls that Facebook should be allowed to 
personalize content based on data it had collected as a first-party, so 
he may want to proffer another suggestion.  I could see a stronger 
argument against allowing Yahoo! to use passively-collected data about 
what I read on the Yahoo! site rather than using affirmatively provided 
info, but I personally wouldn't draw the line there.  It's also possible 
this issue is currently being discussed elsewhere on the mailing list, 
but I have not remotely been able to keep up.

Justin Brookman
Director, Consumer Privacy
Center for Democracy&  Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
tel 202.407.8812
fax 202.637.0969
justin@cdt.org
http://www.cdt.org
@CenDemTech
@JustinBrookman


On 2/6/2012 10:10 AM, Shane Wiley wrote:
>
> And the proposed answer, "YES", as this appears to capture the 1^st 
> party exception cleanly and we have other statements that disallow a 
> 1^st party from sharing information with 3^rd parties when DNT:1.
>
> - Shane
>
> *From:*Sean Harvey [mailto:sharvey@google.com]
> *Sent:* Sunday, February 05, 2012 5:27 PM
> *To:* public-tracking@w3.org Group WG
> *Subject:* ACTION-69: Renaming ISSUE-54
>
> Hi all, apologies for the delay in submitting my action item.
>
> ISSUE-54 is intended to get at the question of whether or not a first 
> party is allowed to leverage their own data, including registration 
> data provided by the user at a previous time, in the context of a DNT 
> header being ON.
>
> Keep in mind I am not intending to provide an answer, only to more 
> appropriately rename the topic.
>
> In light of this I propose the Issue be renamed:
>
> "Can first parties customize their own websites or advertising based 
> on their own user data when a DNT header is ON?"
>
Received on Wednesday, 8 February 2012 15:19:24 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:44 UTC