W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: ACTION-69: Renaming ISSUE-54

From: Vincent Toubiana <v.toubiana@free.fr>
Date: Tue, 14 Feb 2012 20:46:58 +0100
Message-ID: <4F3ABA32.9030205@free.fr>
To: JC Cannon <jccannon@microsoft.com>
CC: Shane Wiley <wileys@yahoo-inc.com>, Jonathan Mayer <jmayer@stanford.edu>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
I get your point, but I think a similar result can be achieved if the 
browser sets a web-wide exception based on the out-of band signal and 
then synchronize with the other devices.
On the other hand, I don't see how the problem I'm pointing (shared 
browser) could be addressed if out-the-band signal overrides DNT signal. 
Users would have to always remove all cookies.

I'd like also to recall that currently we have "DNT signal > Opt-Out 
cookie" (see action-52) and what you're proposing is "Opt-in cookie > 
DNT signal".
I think an approach based on web-wide exceptions could be more consistent.

Vincent

On 2/14/2012 5:08 PM, JC Cannon wrote:
>
> +1
>
> *From:*Shane Wiley [mailto:wileys@yahoo-inc.com]
> *Sent:* Tuesday, February 14, 2012 8:04 AM
> *To:* TOUBIANA, VINCENT (VINCENT); JC Cannon; Jonathan Mayer
> *Cc:* public-tracking@w3.org (public-tracking@w3.org)
> *Subject:* RE: ACTION-69: Renaming ISSUE-54
>
> Vincent,
>
> I strongly disagree that anything should trump an out-of-band explicit 
> consent experience and I believe the group for the most part agrees on 
> this stance.
>
> - Shane
>
> *From:*TOUBIANA, VINCENT (VINCENT) 
> [mailto:Vincent.Toubiana@alcatel-lucent.com]
> *Sent:* Tuesday, February 14, 2012 8:52 AM
> *To:* Shane Wiley; JC Cannon; Jonathan Mayer
> *Cc:* public-tracking@w3.org (public-tracking@w3.org)
> *Subject:* RE: ACTION-69: Renaming ISSUE-54
>
> Shane,
>
> There are already tools to synchronize settings (bookmarks, tabs, 
> history,...) on different browsers. I'm not saying that all browsers 
> should implement site-specific exception this way, but that some could.
>
> This is not a matter of granularity; it's just that (on some browsers) 
> site specific exceptions should overrule out-of-band permissions (i.e. 
> if no exception is granted out-of band exception should be ignored).
>
> Vincent
>
> ------------------------------------------------------------------------
>
> *De :*Shane Wiley [mailto:wileys@yahoo-inc.com]
> *Envoyé :* mardi 14 février 2012 16:32
> *À :* TOUBIANA, VINCENT (VINCENT); JC Cannon; Jonathan Mayer
> *Cc :* public-tracking@w3.org (public-tracking@w3.org)
> *Objet :* RE: ACTION-69: Renaming ISSUE-54
>
> Vincent,
>
> While it may be possible (read "MAY") to host more permissions through 
> a single browser, in today's world where users move across devices at 
> a fairly rapid pace this won't be taken up by publishers and users 
> alike (until browsers solve online ID issues -- see Mozilla's work 
> here).  Until all online permissions are ubiquitously held on a web 
> browser, out-of-band permissions will continue to be the primary 
> approach to managing account details.  I don't believe the currently 
> envisioned site-specific exceptions (or web wide exceptions) structure 
> supports the granularity of permissions you're envisioning (nor should 
> it -- this is about DNT).
>
> - Shane
>
> *From:*TOUBIANA, VINCENT (VINCENT) 
> [mailto:Vincent.Toubiana@alcatel-lucent.com]
> *Sent:* Tuesday, February 14, 2012 8:09 AM
> *To:* Shane Wiley; JC Cannon; Jonathan Mayer
> *Cc:* public-tracking@w3.org (public-tracking@w3.org)
> *Subject:* RE: ACTION-69: Renaming ISSUE-54
>
> Shane,
>
> I think the motivations listed in the "user managed site-specific 
> exception" section are valid and I don't see why one could not 
> implement a solution where all permissions would be hosted in the 
> browser. Especially, users should be able to view quickly all the 
> exceptions they have granted and that could actually avoid confusions.
>
> Furthermore, users may not be aware of permissions that have been 
> granted from the browser they're using (shared computer) and therefore 
> should not be held responsible for all of them.
>
> Vincent
>
> ------------------------------------------------------------------------
>
> *De :*Shane Wiley [mailto:wileys@yahoo-inc.com]
> *Envoyé :* mardi 14 février 2012 15:47
> *À :* TOUBIANA, VINCENT (VINCENT); JC Cannon; Jonathan Mayer
> *Cc :* public-tracking@w3.org (public-tracking@w3.org)
> *Objet :* RE: ACTION-69: Renaming ISSUE-54
>
> Vincent,
>
> Specific to #2 - I don't believe attempting to host ALL online 
> permissions via a web browser is an intelligent outcome.  By allowing 
> race conditions to occur (consent vs. site-specific exception) we'll 
> confuse everyone involved (users, site operators, regulators, etc.).  
> Nothing should trump an explicit consent experience.  If a user is not 
> pleased with a previous permission they've granted, they should simply 
> return to the source and revoke that permission.  This is a fair and 
> appropriate expectation (users need to carry a modicum of 
> responsibility in this exchange).
>
> - Shane
>
> *From:*TOUBIANA, VINCENT (VINCENT) 
> [mailto:Vincent.Toubiana@alcatel-lucent.com]
> *Sent:* Tuesday, February 14, 2012 7:09 AM
> *To:* JC Cannon; Jonathan Mayer
> *Cc:* public-tracking@w3.org (public-tracking@w3.org)
> *Subject:* RE: ACTION-69: Renaming ISSUE-54
>
> JC,
>
> Web-wide exceptions have been considered precisely to address this 
> issue.  These exceptions could be synchronized using tools provided by 
> browser vendors.
>
> In fact, devices synchronization should be addressed by browser 
> vendors (there are tools to do that already) and we should not try to 
> support a specific implementation as I see at least two possibilities:
>
> 1) A first implementation may use the FB account to synchronize the 
> browsers settings (may require an API).
>
> 2) Some users will prefer to have their browser settings prevailing 
> and ignore the FB account settings (or ignore all "out of band" 
> exceptions). For instance, to prevent that a single FB account 
> overwrites the settings of a browser used by several users.
>
> Users may choose or configure their browser based on their priorities.
>
> Vincent
>
> ------------------------------------------------------------------------
>
> *De :*JC Cannon [mailto:jccannon@microsoft.com]
> *Envoyé :* mardi 14 février 2012 02:04
> *À :* Jonathan Mayer
> *Cc :* public-tracking@w3.org (public-tracking@w3.org)
> *Objet :* RE: ACTION-69: Renaming ISSUE-54
>
> At this point I would like to hear opinions from other people.
>
> If DNT breaks my relationship with companies I'll just leave it off. 
> That would just make for a bad experience. Punting to browser vendors 
> doesn't solve the multi-browser, user, computer issue.
>
> JC
>
> Twitter <http://twitter.com/jccannon7>
>
> *From:*Jonathan Mayer [mailto:jmayer@stanford.edu]
> *Sent:* Monday, February 13, 2012 5:00 PM
> *To:* JC Cannon
> *Cc:* public-tracking@w3.org (public-tracking@w3.org)
> *Subject:* Re: ACTION-69: Renaming ISSUE-54
>
> JC,
>
> I share your view that requiring users to give explicit consent on 
> each device is an issue.  We may want to make some accommodation in 
> the exception API, or we may decide to punt to the browser vendors.
>
> That's all, however, independent of the issue you raised: does Do Not 
> Track impose limits on third parties when 1) the user has an account, 
> and 2) the user is logged in?  I think the answer should be yes - the 
> very same limits it imposes on any other third party.
>
> Jonathan
>
> On Feb 13, 2012, at 4:50 PM, JC Cannon wrote:
>
> If I have an account with a company and I set my preferences a certain 
> way, I don't want DNT overriding that, while I'm logged in. The 
> alternative is to try to set an exception in every browser on every 
> computer I use when I've already stated my position. To me that would 
> be nightmare scenario.
>
> No, a privacy statement in and of itself should not override DNT. 
> However, I would like to see all privacy statements reference an 
> organization's position on DNT, including when they feel that a 
> member's preferences may override a DNT header.
>
> JC
>
> Twitter <http://twitter.com/jccannon7>
>
> *From:*Jonathan Mayer [mailto:jmayer@stanford.edu] 
> <mailto:%5bmailto:jmayer@stanford.edu%5d>
> *Sent:*Monday, February 13, 2012 4:42 PM
> *To:*JC Cannon
> *Cc:*Shane Wiley; public-tracking@w3.org 
> <mailto:public-tracking@w3.org> (public-tracking@w3.org 
> <mailto:public-tracking@w3.org>)
> *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
> Is it your position that a privacy policy link would be adequate to 
> override DNT: 1?  If not, why can't we write that?
>
> As for sites where the user already has an account, why grant them a 
> special tracking privilege?  Any third party could put together a page 
> for managing preferences.  (And several do.)
>
> Jonathan
>
> On Feb 13, 2012, at 4:38 PM, JC Cannon wrote:
>
> I feel measuring the efficacy of a company's notice is out of scope 
> here. I also don't feel we are focusing on social sites, but sites 
> where the user has an and can manage their preferences in a 
> centralized persistent fashion.
>
> JC
>
> Twitter <http://twitter.com/jccannon7>
>
> *From:*Jonathan Mayer[mailto:jmayer@stanford.edu] 
> <mailto:%5bmailto:jmayer@stanford.edu%5d>
> *Sent:*Monday, February 13, 2012 4:33 PM
> *To:*Shane Wiley
> *Cc:*JC Cannon;public-tracking@w3.org 
> <mailto:public-tracking@w3.org>(public-tracking@w3.org 
> <mailto:public-tracking@w3.org>)
> *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
> This is why standards of notice are important.  If "the user has 
> already given Facebook consent" means Facebook asked explicitly for 
> permission to identify the user on other sites and got an exception 
> through the exception API, all's well.  But if Facebook merely links 
> to its privacy policy at signup, no, that's not enough notice.  To the 
> extent others believe it is, I'd like to hear why social networks 
> deserve a special carveout from the ordinary rules.
>
> Jonathan
>
> On Feb 13, 2012, at 4:00 PM, Shane Wiley wrote:
>
> Wouldn't the current Facebook structure be considered an "out of band 
> consent" exception?  Meaning the user has already given FB consent to 
> this data collection web wide?
>
> - Shane
>
> *From:*JC Cannon[mailto:jccannon@microsoft.com] 
> <mailto:%5bmailto:jccannon@microsoft.com%5d>
> *Sent:*Monday, February 13, 2012 4:55 PM
> *To:*Jonathan Robert Mayer
> *Cc:*public-tracking@w3.org 
> <mailto:public-tracking@w3.org>(public-tracking@w3.org 
> <mailto:public-tracking@w3.org>)
> *Subject:*RE: ACTION-69: Renaming ISSUE-54
>
> How about this:
>
> 1)For social sites, manage social feature at that site or by logging out.
>
> 2)For tracking and personalization opt-out use DNT.
>
> JC
>
> Twitter <http://twitter.com/jccannon7>
>
> *From:*Jonathan Robert Mayer[mailto:jmayer@stanford.edu] 
> <mailto:%5bmailto:jmayer@stanford.edu%5d>
> *Sent:*Monday, February 13, 2012 3:19 PM
> *To:*JC Cannon
> *Cc:*public-tracking@w3.org 
> <mailto:public-tracking@w3.org>(public-tracking@w3.org 
> <mailto:public-tracking@w3.org>)
> *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
> Without DNT, users would not be guaranteed the ability to opt out. 
> That's the status quo.
>
> On Feb 13, 2012, at 2:41 PM, JC Cannon <jccannon@microsoft.com 
> <mailto:jccannon@microsoft.com>> wrote:
>
>     That looks like something that is handled by Facebook, which seems
>     great to me. Why does DNT have to get involved?
>
>     JC
>
>     *From:*Jonathan Mayer[mailto:jmayer@stanford.edu]
>     <mailto:%5bmailto:jmayer@stanford.edu%5d>
>     *Sent:*Monday, February 13, 2012 2:33 PM
>     *To:*public-tracking@w3.org
>     <mailto:public-tracking@w3.org>(public-tracking@w3.org
>     <mailto:public-tracking@w3.org>)
>     *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
>     Social widgets would not "stop working."  Users certainly would
>     not need to "re-enable [widgets] on every site."  To clarify,
>     here's our Facebook mock-up.
>
>     Embedded widget:
>
>     <image001.png>
>
>     Consent option:
>
>     <image002.png>
>
>     On Feb 13, 2012, at 2:07 PM, JC Cannon wrote:
>
>     If we start making changes that degrades consumers' online
>     experience or makes them work too hard to get their experience
>     back to normal they won't use. As a consumer I want to just click 
>     a button and be protected without everything else changing. If I
>     enable DNT:1 and all of a sudden all my social widgets stop
>     working or you tell me to "just" re-enable them on every site, I'm
>     just going to turn it off.
>
>     Rob provided a good example of asite
>     <http://www.heise.de/newsticker/meldung/Apple-will-deutschen-Patentstreit-mit-Motorola-in-den-USA-gewinnen-1433070.html>that
>     manages social widgets (widgets at bottom of article). I like the
>     way it works, but I wouldn't want to manage the settings on every
>     site.
>
>     Responses to your suggestions below.
>
>     JC
>
>     Twitter <http://twitter.com/jccannon7>
>
>     *From:*Jonathan Mayer[mailto:jmayer@stanford.edu]
>     <mailto:%5bmailto:jmayer@stanford.edu%5d>
>     *Sent:*Monday, February 13, 2012 1:12 PM
>     *To:*Geoff Gieron - AdTruth
>     *Cc:*JC Cannon; Jeffrey Chester; John Simpson; Justin
>     Brookman;public-tracking@w3.org <mailto:public-tracking@w3.org>
>     *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
>     I've seen a few suggestions that I'd disagree with on this thread.
>      Since they seem fairly independent, I'll break them out individually.
>
>     1) We should allow social widget personalization because some
>     users might want it.
>
>     The same argument applies to any prohibited practice.  That's why
>     the TPE specification provides an explicit exception mechanism.
>      If a user wants to see more personalized content from a third
>     party or using third-party data, whether stuff their friends liked
>     or (tracking-based) interest-targeted advertising, they can
>     provide an exception.  We mocked up an exception flow for
>     Facebook's social widgets at http://donottrack.us/cookbook/.
>
>     [JC] I feel the logged in state is different from standard
>     third-party interaction. As a consumer I don't want to provide an
>     exception our use the cookbook strategy for something I already
>     control. If I don't want the functionality I will log out.
>
>     2) Social widget providers are first parties if the user has
>     logged in since the user has a business relationship with the website.
>
>     I thought we had agreement in Santa Clara and on the list that
>     third-party widgets become first party by means of user
>     interaction, not logged-in status.
>
>     [JC] I agree the widget does not get first-party status, but they
>     should still be able to personalize my experience, which I
>     control. I don't see that as first party functionality.
>
>     3) Social personalization isn't the same as third-party data
>     collection.
>
>     I don't follow this line at all.  Embedded social content is from
>     a third party, and that third party collects data.  Moreover, the
>     data collection practices currently used for social
>     personalization rely not only on a unique ID---they rely on an ID
>     tied to the user's identity.
>
>     [JC] Third parties have the ID information whether DNT is enabled
>     or not. The header tells them their obligations to me as a
>     consumer and whether or not they can process my data.
>
>     On Feb 13, 2012, at 10:40 AM, Geoff Gieron - AdTruth wrote:
>
>     JC -- you raise a valid point on tracking vs social sharing.  One
>     thing I would like to point out about this though is how logged in
>     entities like Facebook already supersede existing browser
>     solutions, such as Private Browsing (notice how Facebook still
>     knows it is you on sites outside their network when you are
>     suppose to be incognito to all entities).
>
>     So based on your ascertainment -- I do agree that DNT should not
>     disrupt the value of social sharing when you are logged in and
>     remained logged AND Private Browsing/Incognito Mode should be what
>     cuts even this level of detection by these types of services
>     regardless of login. However -- we are not standardizing Private
>     Browsing/Incognito Mode so I'm concerned that the ability by a few
>     customer facing companies like Google, Yahoo, Facebook, Amazon,
>     AOL and Microsoft essentially may have the ability to completely
>     work around all existing browser based solution offered to a consumer.
>
>     Is my concern valid to you?
>
>     *Geoff Gieron*
>
>     /Business Development Strategist/
>
>     <B6D349F0-DB69-481C-A4A8-5CC1CDE1C45E[87].png>
>
>     *O:*   +1.480.776.5525
>
>     *M:*  +1.602.418.8094
>
>     ggieron@adtruth.com <mailto:ggieron@adtruth.com>
>
>     www.adtruth.com <http://www.adtruth.com>
>
>     *From:*JC Cannon <jccannon@microsoft.com
>     <mailto:jccannon@microsoft.com>>
>     *Date:*Mon, 13 Feb 2012 17:29:21 +0000
>     *To:*Jeffrey Chester <jeff@democraticmedia.org
>     <mailto:jeff@democraticmedia.org>>
>     *Cc:*John Simpson <john@consumerwatchdog.org
>     <mailto:john@consumerwatchdog.org>>, Jonathan Robert Mayer
>     <jmayer@stanford.edu <mailto:jmayer@stanford.edu>>, Justin
>     Brookman <justin@cdt.org <mailto:justin@cdt.org>>,
>     "public-tracking@w3.org <mailto:public-tracking@w3.org>"
>     <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>     *Subject:*RE: ACTION-69: Renaming ISSUE-54
>     *Resent-From:*<public-tracking@w3.org <mailto:public-tracking@w3.org>>
>     *Resent-Date:*Mon, 13 Feb 2012 17:30:10 +0000
>
>     I'm not stating that data can be collected on me. I'm only stating
>     that during a logged-in state a social site may personalize my
>     experience based on my settings on the social site. The social
>     site does not have the right to capture my browsing habits or
>     process any data on me unless I interact with its widget.
>
>     JC
>
>     Twitter <http://twitter.com/jccannon7>
>
>     *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org]
>     *Sent:*Monday, February 13, 2012 9:16 AM
>     *To:*JC Cannon
>     *Cc:*John Simpson; Jonathan Robert Mayer; Justin
>     Brookman;public-tracking@w3.org <mailto:public-tracking@w3.org>
>     *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
>     Let's have a further discussion on this.  Can you say what data
>     can be collected from a user when DNT:1 is on as they access
>     social services?
>
>     Jeffrey Chester
>
>     Center for Digital Democracy
>
>     1621 Connecticut Ave, NW, Suite 550
>
>     Washington, DC 20009
>
>     www.democraticmedia.org <http://www.democraticmedia.org/>
>
>     www.digitalads.org <http://www.digitalads.org/>
>
>     202-986-2220
>
>     On Feb 13, 2012, at 12:09 PM, JC Cannon wrote:
>
>     Jeff,
>
>     I disagree with your position, because I would still want that
>     feature if I'm logged in and have DNT:1 enabled. This is part of
>     the concern I have about making decisions for consumers that they
>     may not want. If I can disable the article annotation by logging
>     off from the social site, why bundle it with DNT taking away my
>     flexibility?
>
>     JC
>
>     Twitter <http://twitter.com/jccannon7>
>
>     *From:*Jeffrey Chester[mailto:jeff@democraticmedia.org]
>     <mailto:%5bmailto:jeff@democraticmedia.org%5d>
>     *Sent:*Monday, February 13, 2012 6:46 AM
>     *To:*JC Cannon
>     *Cc:*John Simpson; Jonathan Robert Mayer; Justin
>     Brookman;public-tracking@w3.org <mailto:public-tracking@w3.org>
>     *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
>     JC:
>
>     DNT:1 serves as a form of granular privacy protection.  If one has
>     DNT:1 on, they don't want tracking process working--even if it
>     means they can't find out their friends enjoyed reading your
>     latest book!  Happy to discuss.
>
>     I would like to drill into this a little further. How would this
>     apply to a logged in state? If I'm logged into a social site and
>     reading an article I would be interested to know if people I trust
>     from that social site enjoyed the article or not without
>     necessarily letting people know that I viewed the article, unless
>     I select the share button. I don't want to have to enable tracking
>     just to see if my friends liked the article.
>
>     JC
>
>     Twitter <http://twitter.com/jccannon7>
>
>     *From:*John Simpson[mailto:john@consumerwatchdog.org]
>     <mailto:%5bmailto:john@consumerwatchdog.org%5d>
>     *Sent:*Wednesday, February 08, 2012 11:53 AM
>     *To:*Jeffrey Chester
>     *Cc:*Jonathan Robert Mayer; Justin Brookman;public-tracking@w3.org
>     <mailto:public-tracking@w3.org>
>     *Subject:*Re: ACTION-69: Renaming ISSUE-54
>
>     I agree that when a site acts as a third party it MUST not engage
>     in targeting based on data gathered when it was a 1st party if DNT
>     is enabled.
>
>     On Feb 8, 2012, at 8:43 AM, Jeffrey Chester wrote:
>
>
>
>     I don't think if DNT is enabled a third party should be able to
>     engage in profile-based targeting that they have collected as
>     first party, as Justin perhaps as proposed.  That would weaken
>     user intent on DNT.
>
>     Jeffrey Chester
>
>     Center for Digital Democracy
>
>     1621 Connecticut Ave, NW, Suite 550
>
>     Washington, DC 20009
>
>     www.democraticmedia.org <http://www.democraticmedia.org/>
>
>     www.digitalads.org <http://www.digitalads.org/>
>
>     202-986-2220
>
>     On Feb 8, 2012, at 11:34 AM, Jonathan Robert Mayer wrote:
>
>
>
>     In the interest of clarity, I recommend we make two ISSUEs from
>     ISSUE-54.
>
>     1) What can a first party do on its own website with provided
>     information? I completely agree with Shane that this falls into
>     the current first party proposal, and I expect we'll get consensus
>     and close the ISSUE quickly.
>
>     2) What can a first party do with submitted information when it's
>     a third party? We've already heard a range of views on this; I
>     expect lengthy discussion and perspectives from many stakeholders
>     before we close the ISSUE.
>
>
>     On Feb 8, 2012, at 7:20 AM, Justin Brookman <justin@cdt.org
>     <mailto:justin@cdt.org>> wrote:
>
>         I think Sean's restatement of the issue is a bit ambiguous. 
>         The key question is not whether a first party can alter its
>         own websites and advertising on those sites based on data it
>         collected as a first party.  It's about whether they can then
>         leverage that data when they're in a third-party environment.
>
>         I was tasked with writing up language on this in Brussels, but
>         upon reflection, my vision is already allowed for in the
>         text:  a third-party may customize content or advertising on
>         other sites based on data it had collected as a first-party. 
>         Thus, Yahoo! can serve ads on the New York Times based on what
>         I had done on the Yahoo! site (or registration information I
>         had provided to Yahoo!) and Facebook can tell me what my
>         friends like in a social widget when I go to
>         theWashingtonPost.com <http://WashingtonPost.com/>--- as long
>         as neither collects the fact that I went to NYT or WaPo (apart
>         from exceptions like ad reporting, fraud, analytics) and
>         certainly does not add that information to a profile about
>         me.  The language in the draft currently allows for this. 
>         However, I will try to put together some non-normative
>         language on this today to make it clear.  I have heard the
>         argument that this unduly favors first-party sites who have a
>         lot of user data, but I also think the privacy implications
>         are dramatically reduced when ads are influenced based on data
>         that a party already has about you.
>
>         Shane, you had seemed to disagree with this idea in Brussels,
>         so if you want to put forward a countersuggestion that's
>         fine.  Alternatively, Tom had disagreed on one of the calls
>         that Facebook should be allowed to personalize content based
>         on data it had collected as a first-party, so he may want to
>         proffer another suggestion.  I could see a stronger argument
>         against allowing Yahoo! to use passively-collected data about
>         what I read on the Yahoo! site rather than using affirmatively
>         provided info, but I personally wouldn't draw the line there. 
>         It's also possible this issue is currently being discussed
>         elsewhere on the mailing list, but I have not remotely been
>         able to keep up.
>
>         Justin Brookman
>
>         Director, Consumer Privacy
>
>         Center for Democracy&  Technology
>
>         1634 I Street NW, Suite 1100
>
>         Washington, DC 20006
>
>         tel 202.407.8812
>
>         fax 202.637.0969
>
>         justin@cdt.org  <mailto:justin@cdt.org>
>
>         http://www.cdt.org  <http://www.cdt.org/>
>
>         @CenDemTech
>
>         @JustinBrookman
>
>
>         On 2/6/2012 10:10 AM, Shane Wiley wrote:
>
>         And the proposed answer, "YES", as this appears to capture the
>         1^st party exception cleanly and we have other statements that
>         disallow a 1^st party from sharing information with 3^rd
>         parties when DNT:1.
>
>         - Shane
>
>         *From:*Sean Harvey [mailto:sharvey@google.com]
>         *Sent:*Sunday, February 05, 2012 5:27 PM
>         *To:*public-tracking@w3.org
>         <mailto:public-tracking@w3.org>Group WG
>         *Subject:*ACTION-69: Renaming ISSUE-54
>
>         Hi all, apologies for the delay in submitting my action item.
>
>         ISSUE-54 is intended to get at the question of whether or not
>         a first party is allowed to leverage their own data, including
>         registration data provided by the user at a previous time, in
>         the context of a DNT header being ON.
>
>         Keep in mind I am not intending to provide an answer, only to
>         more appropriately rename the topic.
>
>         In light of this I propose the Issue be renamed:
>
>         "Can first parties customize their own websites or advertising
>         based on their own user data when a DNT header is ON?"
>
>     ----------
>
>     John M. Simpson
>
>     Consumer Advocate
>
>     Consumer Watchdog
>
>     1750 Ocean Park Blvd. ,Suite 200
>
>     Santa Monica, CA,90405
>
>     Tel: 310-392-7041
>
>     Cell: 310-292-1902
>
>     www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/>
>
>     john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>
>     The information contained in this e-mail is confidential and/or
>     proprietary of AdTruth. The information transmitted herewith is
>     intended only for use by the individual or entity to which it is
>     addressed. If you are not the intended recipient, you should not
>     copy, distribute, disclose or use the information it contains,
>     please e-mail the sender immediately and delete this message from
>     your system.
>
Received on Tuesday, 14 February 2012 19:47:38 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:45 UTC