Re: Data append? from Alan Chapell on 2013-04-01 (public-tracking@w3.org from April 2013)

From: Alan Chapell <achapell@chapellassociates.com>
Date: Mon, 01 Apr 2013 08:08:48 -0400
To: Chris Pedigo <CPedigo@online-publishers.org>, Shane Wiley <wileys@yahoo-inc.com>
CC: John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <CD7EF025.2E213%achapell@chapellassociates.com>
Chris  thanks for your comments.

When you say - 

"You are proposing to restrict first parties from acquiring data that is
publicly available, collected with consent or offline data.  This is out of
scope for DNT."

Can you help us understand the basis of that claim? I understand the
"collected with consent" as Shane rightly noted in his comments. If you
could help explain your position re: the other two items. I can certainly
understand why you might WANT them out of scope, but I'd ask that you point
us to something (e.g., the charter) where that type of data is specifically
out of scope.

Similarly, are you taking the position that third parties may also obtain
publicly available data when DNT is enabled?

Thanks.

Alan 
From:  Chris Pedigo <CPedigo@online-publishers.org>
Date:  Monday, April 1, 2013 7:45 AM
To:  Shane Wiley <wileys@yahoo-inc.com>
Cc:  John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org
(public-tracking@w3.org)" <public-tracking@w3.org>
Subject:  Re: Data append?
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Mon, 01 Apr 2013 11:46:03 +0000

> Agree with Shane's comments here.
> 
> Also, I would like to again point out that under the current framework of our
> standard, first parties will not be able to share data with each other about
> DNT:1 users.  And, third parties will not be able to collect any data about
> DNT:1 users.  You are proposing to restrict first parties from acquiring data
> that is publicly available, collected with consent or offline data.  This is
> out of scope for DNT.
> 
> On Mar 31, 2013, at 11:28 PM, "Shane Wiley" <wileys@yahoo-inc.com> wrote:
> 
>> John and Alan,
>>  
>> Thank you for taking the first pass at normative text for ³data append²
>> exercises from the 1st party perspective and how these interrelate to DNT.
>>  
>> A few comments:
>>  
>> -- A 1st Party MUST NOT combine or otherwise use identifiable data received
>> from another party with data it has collected while a 1st Party.
>>  
>> [I believe the DNT signal should be directed to the sender, not the
>> recipient.  In this case, I would expect the 3rd party to receive the signal
>> and appropriate not convey information within the context of DNT.  This
>> sentence should either be dropped or rewritten to focus on the sender (3rd
>> party in this context).]
>>  
>> -- A 1st Party MUST NOT share identifiable data with another party unless the
>> data was provided voluntarily by the user and is necessary to complete a
>> business transaction with the user.
>>  
>> [DNT is transactional.  I could see this prohibition working if the data
>> being passed occurred online in the context of the DNT signal being in the
>> header but for purely offline data matches I hope we agree this could not
>> work.  I would also struggle to understand a business case where a user has
>> ³shared identifiable data involuntarily²  could you please give an example?]
>>  
>> [Of course all of these are trumped by user consent.]
>>  
>> - Shane
>>  
>> 
>> From: John Simpson [mailto:john@consumerwatchdog.org]
>> Sent: Sunday, March 31, 2013 8:13 PM
>> To: public-tracking@w3.org (public-tracking@w3.org)
>> Subject: Data append?
>> Importance: High
>>  
>> 
>> Colleagues,
>> 
>>  
>> 
>> Alan  Chapell and I have agreed  on text that should cover the situation
>> regarding "data append" when DNT is received.  I look forward to discussing.
>> 
>>  
>> 
>> The text is below.
>> 
>>  
>> 
>> Regards,
>> 
>> John
>> 
>> ----
>> 
>>  
>> 
>> Normative: 
>> 
>> When DNT:1 is received:
>> 
>>  
>> 
>> -- A 1st Party MUST NOT combine or otherwise use identifiable data received
>> from another party with data it has collected while a 1st Party.
>> 
>> -- A 1st Party MUST NOT share identifiable data with another party unless the
>> data was provided voluntarily by the user and is necessary to complete a
>> business transaction with the user.
>> 
>> -- A  Party MUST NOT use data gathered while a 1st Party when operating as a
>> 3rd Party.
>> 
>>  
>> 
>> Non-Normative: 
>> 
>> When DNT:1 is received, a 1st Party retains the ability to customize content,
>> services, and advertising only within the context of the first party
>> experience. A 1st party takes the user interaction outside of the 1st party
>> experience if it receives identifiable data from another party and uses that
>> data for customization of content, services, or advertising.
>> 
>>  
>> 
>> When DNT:1 is received the 1st Party may continue to utilize user provided
>> data in order to complete or fulfill a user initiated business transaction
>> such as fulfilling an order for goods or a subscription.
>> 
>>  
>> 
>> When DNT:1 is received and a Party has become a 3rd Party it is interacting
>> with the user outside of the 1st Party experience.  Using data  gathered
>> while a 1st party is incompatible with interaction as a third party.
>> 
>>  
>> 
>>  
>> 
>>
Received on Monday, 1 April 2013 12:09:14 UTC