Re: Identity providers as first parties

On Friday 15 June 2012 08:06:01 Shane Wiley wrote:
> But in the use case we're discussing the service being provided is
> the primary purpose - a user's online identity.  A service
> determines its primary purpose, discloses this to the user, user
> consents.  Case closed.

But Shane, the primary purpose (and their legitimate consumption of 
data) is not in dispute. It is secondary use of things that you 
acquired legitimately on a primary purpose. So login fine, but use 
of all data acquired (including clickstream) for any other purpose. 
The latter is in those general conditions. By enabling a reaction on 
a DNT signal you omit discussions about how legitimate your general 
conditions are.

Again, Rob said "can use" not "must use".... The question on whether 
this can be used to be clean in Canada is a Canadian question. If 
they say DNT signal is fine with that option suggested by Rob, that 
could work. One discussion is having/creating a tool and the other 
is using that tool in a region. We can do the first here, but not 
the latter. I would strongly recommend not to mandate tools that 
haven't been tested at scale and proven to work.

Rigo

Received on Friday, 15 June 2012 15:21:18 UTC