Multiple First Parties from Rob Sherman on 2012-09-19 (public-tracking@w3.org from September 2012)

From: Rob Sherman <robsherman@fb.com>
Date: Wed, 19 Sep 2012 20:34:12 +0000
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <CC7FA482.12746%robsherman@fb.com>

The editors' draft of the compliance spec raises a question about how to define the circumstances in which more than one entity operates as a first party on a particular website. As drafted, the first option leaves more questions than answers because it says that this may happen in some circumstances but does not provide any concrete guidance on how a party can tell when it is a first party.

I've proposed text below that I hope leaves intact the basic intent behind the existing text — including two examples that are already there as options — but that elaborates a bit on the examples and provides some non-normative guidance about factors that an entity might consider in making a judgment whether it qualifies as a first party. The thinking is that, although we can't — and should not try to — anticipate the specifics every situation in which two entities collaborate, it would be helpful to provide some guidance in the text to people who are not in the Working Group and who may not have the context for situations that this section envisions.

Feedback on this text would, of course, be appreciated.

Rob

# # #

3.5.1.2.2 Multiple First Parties

For many websites, there will be only one party that the average user would expect to communicate with: the provider of the website the user has visited. But, for other websites, users may expect to communicate with more than one party. In these instances, a party will be deemed a first party on a particular website if it concludes that a user would reasonably expect to communicate with it using the website.

<NON-NORMATIVE>

URIs, branding, the presence of privacy policies or other disclosures that specifically identify a party, and the extent to which a party provides meaningful content or functionality on the website, may contribute to, but are not necessarily determinative of, user perceptions about whether a website is provided by more than one party.

Example: Example Sports, a well-known sports league, collaborates with Example Streaming, a well-known streaming video website, to provide content on a sports-themed video streaming website. The website is prominently advertised and branded as being provided by both Example Sports and ExampleStreaming. An ordinary user who visits the website may recognize that it isoperated by both Example Sports and Example Streaming. Both Example Sports and Example Streaming are first parties.

Example: Example Sports has a dedicated page on a Example Social, a social networking website. The page is branded with both Example Sports’ name and logo and Example Social’s name and logo. Both Example Sports’ name and Example Social’s names appear in the URI for the page. When a user visits this dedicated page, both Example Sports and Example Social are first parties.

Rob Sherman
Facebook | Manager, Privacy and Public Policy
1155 F Street, NW Suite 475 | Washington, DC 20004
office 202.370.5147 | mobile 202.257.3901

Received on Wednesday, 19 September 2012 20:34:46 UTC