Re: Data append?

Thanks Shane.  Some comments and questions below.


From:  Shane Wiley <wileys@yahoo-inc.com>
Date:  Sunday, March 31, 2013 11:26 PM
To:  John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org
(public-tracking@w3.org)" <public-tracking@w3.org>
Subject:  RE: Data append?
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Mon, 01 Apr 2013 03:27:26 +0000

> John and Alan,
>  
> Thank you for taking the first pass at normative text for ³data append²
> exercises from the 1st party perspective and how these interrelate to DNT.
>  
> A few comments:
>  
> -- A 1st Party MUST NOT combine or otherwise use identifiable data received
> from another party with data it has collected while a 1st Party.
>  
> [I believe the DNT signal should be directed to the sender, not the recipient.

Can you help me understand what you mean by the above sentence?
 
>   In this case, I would expect the 3rd party to receive the signal and
> appropriate not convey information within the context of DNT.  This sentence
> should either be dropped or rewritten to focus on the sender (3rd party in
> this context).] 
>  
> -- A 1st Party MUST NOT share identifiable data with another party unless the
> data was provided voluntarily by the user and is necessary to complete a
> business transaction with the user.
>  
> [DNT is transactional.  I could see this prohibition working if the data being
> passed occurred online in the context of the DNT signal being in the header
> but for purely offline data matches I hope we agree this could not work.  I
> would also struggle to understand a business case where a user has ³shared
> identifiable data involuntarily² ­ could you please give an example?]

If a 1st party has a truly offline data match, (e.g., they append info
obtained from a data broker to an email and use that information to send a
catalog via USPS) then I would tend to agree. However, if that information
is appended and used to customize content or advertising in a digital
environment, then I it stands to reason that such a use case should be
covered by DNT.
>  
> [Of course all of these are trumped by user consent.]
>  
> - Shane
>  
> 
> From: John Simpson [mailto:john@consumerwatchdog.org]
> Sent: Sunday, March 31, 2013 8:13 PM
> To: public-tracking@w3.org (public-tracking@w3.org)
> Subject: Data append?
> Importance: High
>  
> 
> Colleagues,
> 
>  
> 
> Alan  Chapell and I have agreed  on text that should cover the situation
> regarding "data append" when DNT is received.  I look forward to discussing.
> 
>  
> 
> The text is below.
> 
>  
> 
> Regards,
> 
> John
> 
> ----
> 
>  
> 
> Normative: 
> 
> When DNT:1 is received:
> 
>  
> 
> -- A 1st Party MUST NOT combine or otherwise use identifiable data received
> from another party with data it has collected while a 1st Party.
> 
> -- A 1st Party MUST NOT share identifiable data with another party unless the
> data was provided voluntarily by the user and is necessary to complete a
> business transaction with the user.
> 
> -- A  Party MUST NOT use data gathered while a 1st Party when operating as a
> 3rd Party.
> 
>  
> 
> Non-Normative: 
> 
> When DNT:1 is received, a 1st Party retains the ability to customize content,
> services, and advertising only within the context of the first party
> experience. A 1st party takes the user interaction outside of the 1st party
> experience if it receives identifiable data from another party and uses that
> data for customization of content, services, or advertising.
> 
>  
> 
> When DNT:1 is received the 1st Party may continue to utilize user provided
> data in order to complete or fulfill a user initiated business transaction
> such as fulfilling an order for goods or a subscription.
> 
>  
> 
> When DNT:1 is received and a Party has become a 3rd Party it is interacting
> with the user outside of the 1st Party experience.  Using data  gathered while
> a 1st party is incompatible with interaction as a third party.
> 
>  
> 
>  
> 
>