W3C home > Mailing lists > Public > public-tracking@w3.org > November 2012

RE: Proposals for Compliance issue clean up

From: Amy Colando (LCA) <acolando@microsoft.com>
Date: Mon, 12 Nov 2012 16:10:40 +0000
To: Rob Sherman <robsherman@fb.com>, "Aleecia M. McDonald" <aleecia@aleecia.com>, "public-tracking@w3.org (public-tracking@w3.org) (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <81152EDFE766CB4692EA39AECD2AA5B61D979D29@TK5EX14MBXC296.redmond.corp.microsoft.com>
Rob in your example (authorizing app to share info), wouldn't that authorization already be covered under consent section?

Agree with the rest of your points regarding figuring out how various pieces fit overall into the draft.



Sent from my Windows Phone
________________________________
From: Rob Sherman
Sent: 11/11/2012 7:00 PM
To: Aleecia M. McDonald; public-tracking@w3.org (public-tracking@w3.org) (public-tracking@w3.org)
Subject: Re: Proposals for Compliance issue clean up

Aleecia,

I think it is premature to finalize a definition of "declared data" before
we have consensus on whether and how the concept is relevant.
Particularly, I'm not aware of any existing text in the Editors' Draft
that uses the term "declared data," and it seems that the question whether
a particular proposed definition of that term makes sense depends a lot on
how the term is going to be used.

On the substance of Shane's proposal, though, I'd suggest that it be
modified along the lines of my correspondence with Shane
(http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0310.html) to
make clear that there are situations in which information is "declared
data" even if it is not "directly and expressly supplied by a user to a
party."  As described in the thread, Shane and I agreed that this concept
includes a situation in which the user authorizes sharing of information
but does not "directly and expressly suppl[y]" it.  (For example, we
agreed that if you specifically authorize an app to publish information
about actions you take within the app to your Facebook timeline (or
specifically authorize Facebook to receive that information), that
information would be deemed "declared data" as to Facebook even though it
is not provided "directly" by the user to Facebook.)

(I'm happy to work with Shane to modify his proposal to address this
concern.  Even with those modifications, before we finalize this
definition I think it's important for us to understand how, if at all, it
will fit into the draft.)

Thanks.

Rob



Rob Sherman
Facebook | Manager, Privacy and Public Policy
1155 F Street, NW Suite 475 | Washington, DC 20004
office 202.370.5147 | mobile 202.257.3901





On 11/9/12 3:04 PM, "Aleecia M. McDonald" <aleecia@aleecia.com> wrote:

>Here are places we might have straight-forward decisions. If there are no
>responses within a week (that is, by Friday 16 November,) we will adopt
>the proposals below.
>
>
>For issue-97 (Re-direction, shortened URLs, click analytics -- what kind
>of tracking is this?)  with action-196, we have text with no counter
>proposal. Unless someone volunteers to take an action to write opposing
>text, we will close this with the action-196 text.
>       PROPOSED: We adopt the text from action-196,
>http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0106.html
>
>For issue-60 (Will a recipient know if it itself is a 1st or 3rd party?)
>we had a meeting of the minds
>(http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0129.html)
>but did not close the issue. We have support for 3.5.2 Option 2,
>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html
>#def-first-third-parties-opt-2, with one of the authors of 3.5.1 Option
>1,
>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html
>#def-first-third-parties-opt-2 accepting Option 2. There was no sustained
>objection against Option 2 at that time. Let us find out if there is
>remaining disagreement.
>       PROPOSED: We adopt 3.5.2 Option 2,
>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html
>#def-first-third-parties-opt-2
>
>For action-306, we have a proposed definition with accompanying
>non-normative examples
>       PROPOSED: We adopt the text from action-306 to define declared data, to
>be added to the definitions in the Compliance document,
>http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0296.html
>       PROPOSED: We look for volunteers to take an action to write text
>explaining when and how declared data is relevant (See the note in
>6.1.2.3,
>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html
>#first-party-data) to address issue-64
>
>       Aleecia
Received on Monday, 12 November 2012 16:12:16 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:38 UTC