W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Transitive third party exceptions

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 01 Jun 2012 19:53:30 +0200
To: public-tracking@w3.org
Cc: Kevin Smith <kevsmith@adobe.com>, "ifette@google.com" <ifette@google.com>
Message-ID: <3624113.scEOtHgqWm@hegel.sophia.w3.org>
Kevin, 

On Tuesday 29 May 2012 17:02:59 Kevin Smith wrote:
> This is very interesting.  I don’t think I understand exactly what you
> mean.  Are you suggesting that 3rd parties B, C ... would not get
> DNT:0?  

No, how would the user agent know what to send to those as they are 
subsequently used without being known by first party or user. 

> What purpose limitation would entity C be under?  And how would
> it know the difference?  

If they receive data without receiving DNT;0 they know that this is under 
the known limitations. I imagine that the ad exchange networks and auction 
platforms will invent a key whether a given user is auctioned under DNT 
rules or not. 

> If entity C has limitations and cannot function
> as it normally would, then this inherently limits entities B and A
> because, although they may think they can function fully, they
> cannot.  

See, they can function fully for the service they were engaged for. But the 
limitation would be to not allow secondary and fully arbitrary independent 
re-use of the data acquired from the known third party. Secondary use would 
only be allowed if the service itself gets a DNT;0

> Here is a ridiculously simplified example - let's say that
> entity A has an exception and is therefore allowed to target a user based
> on gender.  However, entity A does not actually serve the ads, so it
> includes entity B and asks entity B to serve up an ad that will match the
> user's gender.  If entity B is not allowed to know the gender, or
> reference its visitor profile for the user etc, then it cannot serve an
> ad based on gender, so it either returns failure, or a non-targeted
> ad.  In this case, entity A was not able to fulfill its function because
> it was dependent on entity B being able to fulfill its function.

That is exactly the point why you want to have transitive permissions. B 
could do the gender reference but only in the context given by A. B could 
not store the gender reference and sell it with the data record to Z. That 
was the limitation I was talking about. 

Rigo
Received on Friday, 1 June 2012 17:53:58 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC