W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

RE: Identity providers as first parties

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Fri, 15 Jun 2012 08:27:05 -0700
To: Rigo Wenning <rigo@w3.org>
CC: Tamir Israel <tisrael@cippic.ca>, "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas <vp@iabeurope.eu>, "ifette@google.com" <ifette@google.com>, "JC Cannon (Microsoft)" <jccannon@microsoft.com>
Message-ID: <63294A1959410048A33AEE161379C8023D1878692A@SP2-EX07VS02.ds.corp.yahoo.com>
Rigo,

I'm not completely following you.  My argument is that if tracking is part of the primary purpose defined to the user during the consent process then DNT has no place in that outcome.  I don't know why you are moving to secondary purpose here as providing a user's online identity may in some cases (depends on the technical implementation) involve seeing the URLs they are visiting.  As long as this is properly disclosed and the user consents, this can NOT be seen as secondary purpose.

On "must vs. can" - any Server can choose to leverage DNT if they so choose.  My issues are when TPWG members attempt to force the MUST outcome in these types of edge cases.  We're overburdening the standard by attempting to be all privacy solutions to all privacy issues and I believe this is seriously slowing down our progress.  I'm resigned to that reality but still want to do my best to keep us on track.

- Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: Friday, June 15, 2012 8:21 AM
To: Shane Wiley
Cc: Tamir Israel; public-tracking@w3.org; rob@blaeu.com; Kimon Zorbas; ifette@google.com; JC Cannon (Microsoft)
Subject: Re: Identity providers as first parties

On Friday 15 June 2012 08:06:01 Shane Wiley wrote:
> But in the use case we're discussing the service being provided is
> the primary purpose - a user's online identity.  A service
> determines its primary purpose, discloses this to the user, user
> consents.  Case closed.

But Shane, the primary purpose (and their legitimate consumption of 
data) is not in dispute. It is secondary use of things that you 
acquired legitimately on a primary purpose. So login fine, but use 
of all data acquired (including clickstream) for any other purpose. 
The latter is in those general conditions. By enabling a reaction on 
a DNT signal you omit discussions about how legitimate your general 
conditions are.

Again, Rob said "can use" not "must use".... The question on whether 
this can be used to be clean in Canada is a Canadian question. If 
they say DNT signal is fine with that option suggested by Rob, that 
could work. One discussion is having/creating a tool and the other 
is using that tool in a region. We can do the first here, but not 
the latter. I would strongly recommend not to mandate tools that 
haven't been tested at scale and proven to work.

Rigo
Received on Friday, 15 June 2012 15:28:01 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC