W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: Parties and First Party vs. Third Party (ISSUE-10)

From: Sean Harvey <sharvey@google.com>
Date: Wed, 14 Mar 2012 00:13:47 -0400
Message-ID: <CAFy-vueGCLVCV88mPhmE-kN2+kTL_0R2=ANQJeUH4D3Q=szKjA@mail.gmail.com>
To: Jonathan Mayer <jmayer@stanford.edu>
Cc: Tracking Protection Working Group WG <public-tracking@w3.org>
Just to be very clear we absolutely do not have consensus on 2 or 3, nor
are we near consensus on those points. Easy discoverability was the main
issue to my knowledge.

On Wed, Mar 14, 2012 at 12:10 AM, Jonathan Mayer <jmayer@stanford.edu>wrote:

> We agreed in Brussels that:
> 1) If two entities are not related by corporate affiliation, they are not
> part of the same party.
> From discussion on the mailing list, I think we are very close to
> consensus on three other points:
> 2) Branding should determine party boundaries.
> 3) Branding should determine first parties and third parties.
> 4) An entity must make "discoverable" the other entities that it considers
> part of the same party.
> We do not have consensus on a final issue:
> 5) If two entities are related by corporate affiliation, are they part of
> the same party?
> I've taken a stab at text that captures these five points.  It is based on
> the current TCS document, the DAA principles, my proposal with Tom, and the
> CDT proposal.
> --------------------------------------------------
> I. Definitions
> A. Network Interaction
> A "network interaction" is an HTTP request and response, or any other
> sequence of logically related network traffic.
> B. Entity
> An "entity" is any commercial, nonprofit, or governmental organization, a
> subsidiary or unit of such an organization, or a person.
> C. Affiliation
> If an entity holds significant ownership in or exercises significant
> operational control over another entity, they are "affiliated."
> D. Party
> A "party" is any group of entities that:
> a) consistently presents common branding throughout each entity, and
> b) is related by affiliation.
> [there is debate over whether to flip the "and" to an "or"]
> E. First Parties and Third Parties
> A "first party" is any party, in a specific network interaction, that
> brands content that occupies the full window.
> A "third party" is any party, in a specific network interaction, that does
> not brand content that occupies the full window.
> II. Transparency Requirement
> A. Operative Text
> A party must make reasonable efforts to ensure users can discover which
> entities it encompasses.
> B. Non-Normative Discussion
> A list of entities in a privacy policy would ordinarily satisfy this
> requirement.

Sean Harvey
Business Product Manager
Google, Inc.
Received on Wednesday, 14 March 2012 04:14:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:46 UTC