W3C home > Mailing lists > Public > public-tracking@w3.org > July 2013

Re: June Tracking Compliance and Scope Draft Change Submission

From: Rob Sherman <robsherman@fb.com>
Date: Tue, 9 Jul 2013 15:20:05 +0000
To: Thomas Roessler <tlr@w3.org>, Jack Hobaugh <jack@networkadvertising.org>
CC: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <AD30EAA8DFF4B1498B95130E78C83250273267AB@PRN-MBX02-4.TheFacebook.com>
I'd like to propose a friendly amendment to the DAA draft, which I believe is consistent with the intent of the draft  that first parties' status does not inherently give them the ability to subsequently track DNT:1 users as a third party (except as otherwise permitted, e.g., with a user-granted exception), but that there is no intent to introduce restrictions on further use of data collected as a first party  but cleans up the language to make this a bit more clear.
4. First Party Compliance

If a first party receives a DNT:1 signal the first party MAY engage in its collection and use of information within the first party context and subsequent use of that information.



Rob Sherman
Facebook | Manager, Privacy and Public Policy
1155 F Street, NW Suite 475 | Washington, DC 20004
office 202.370.5147 | mobile 202.257.3901

From: Thomas Roessler <tlr@w3.org<mailto:tlr@w3.org>>
Date: Monday, July 1, 2013 10:51 AM
To: Jack Hobaugh <jack@networkadvertising.org<mailto:jack@networkadvertising.org>>
Cc: "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: Re: June Tracking Compliance and Scope Draft Change Submission
Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Monday, July 1, 2013 10:51 AM

Thanks, Jack.

Reviewing this document [0], a few clarifying questions on what I believe to be substantive changes:

1. As Ed Felten notes in [1], the difference between "de-identified" and "delinked" is not entirely clear.  Can you elaborate a bit more on this point?  What would examples be that are de-identified, but not delinked?  What's meant by "internal linkage"?

2. Definition of tracking:  What are "non-affiliated web sites"?  Any reason why you don't re-use the party definition elsewhere in the document?

3. First party compliance, second paragraph.  You write: "The first party MUST NOT pass information [+without consent+] about this network interaction to third parties who could not collect the data themselves [+when DNT:1 is received+]."
Other than the carve-out if users consent to data being passed from a first party to a third party -- is any other substantive change intended, or is "when DNT:1 is received" merely meant to be an editorial clarification?

And on the carve-out: The section on user granted exceptions has a carve-out for explicit and informed consent given by the user.  Is the intent here to give a broader consent carve-out for first parties, or was that *also* meant to be merely a clarification?

4. Section 5.1.2 suggests that data that's retained must be "de-identified and delinked" after.   The general principles in section 5 essentially say that data that's de-identified (but not delinked!) can still be collected, retained, etc -- that seems logically inconsistent.  Are the general principles in section 5 meant to speak about "de-identified and delinked" data instead?  And is "delinked" meant to be used anywhere else it doesn't show up in the current text?

Also, it strikes me that the following changes are mostly editorial (which means I'd like us to leave it at the discretion of the editors how we deal with them).  If you disagree, please explain further what material change you intended:

- Move of some of the UA principles from "scope" to definition of UA.  Note that "user agent" is a term that's used in other specifications that relate to the Web (such as HTTP), and would best be used in a consistent way here and elsewhere.

- "Parties attempting to receive..." at the end of section 3 sounds like a fine way to clean up the slightly confused "user agents and web sites" drafting in that section.

- Third party compliance, second full paragraph ("The third party MAY"...) looks entirely editorial.

- Third party compliance, third full paragraph ("Outside the permitted uses") seems like an almost-editorial clarification (you can keep some data while it's waiting to be deidentified, and not used anywhere else), plus you propose dropping the example.  Is any other non-editorial change intended here?

- The edits to 5.1.1 (no secondary uses) strike me as an essentially editorial change.  Any material change intended here, or can we leave this at the editors' discretion?

0. http://lists.w3.org/Archives/Public/public-tracking/2013Jun/att-0466/NAI-DAA-DMA_June_26_draft_compared_to_June_22_Tracking_Compliance_and_Scope_copy.pdf<https://urldefense.proofpoint.com/v1/url?u=http://lists.w3.org/Archives/Public/public-tracking/2013Jun/att-0466/NAI-DAA-DMA_June_26_draft_compared_to_June_22_Tracking_Compliance_and_Scope_copy.pdf&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=Z08z%2F0RKK7k0ZWnWkl%2FVHThU6eMXcoJl9ldvo4wGeN0%3D%0A&m=vPDPNj7EzkhI8qFSfZM1sMlX2I9XjwAljh22733iXD8%3D%0A&s=7edd90414d66bee818981686fb5ed61fdd538b110bd1af2ac44edc2498aeeefe>
1. http://www.w3.org/mid/CANZBoGhPpvFK4MC_GGmV=uOdAVyTLN9mCXrB3tfOABs6z0ibAA@mail.gmail.com<https://urldefense.proofpoint.com/v1/url?u=http://www.w3.org/mid/CANZBoGhPpvFK4MC_GGmV%3DuOdAVyTLN9mCXrB3tfOABs6z0ibAA%40mail.gmail.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=Z08z%2F0RKK7k0ZWnWkl%2FVHThU6eMXcoJl9ldvo4wGeN0%3D%0A&m=vPDPNj7EzkhI8qFSfZM1sMlX2I9XjwAljh22733iXD8%3D%0A&s=6ac69bb0ae97162982127d3177dc3f829cf2b1ad52ea94bd37084b557958dbc2>


Thomas Roessler, W3C <tlr@w3.org<mailto:tlr@w3.org>> (@roessler)

On 2013-06-27, at 13:58 +0200, Jack Hobaugh <jack@networkadvertising.org<mailto:jack@networkadvertising.org>> wrote:


Please find a redline comparison of the June 22 version attached.

Please note that the deletion of Editors and the Copyright line was inadvertent and caused by the process of transforming the html document to a word document.

Best regards,


On Wed, Jun 26, 2013 at 5:08 PM, Thomas Roessler <tlr@w3.org<mailto:tlr@w3.org>> wrote:
Thanks for sending this.  A redline would be hugely helpful for others who want to review this.

PS: If there's further trouble for you sending to the mailing list, please feel free to contact Nick and me off-list.


Thomas Roessler, W3C <tlr@w3.org<mailto:tlr@w3.org>> (@roessler)

On 2013-06-26, at 17:55 +0200, Jack Hobaugh <jack@networkadvertising.org<mailto:jack@networkadvertising.org>> wrote:

Dear Group,

Please accept the attached document on behalf of industry which contains changes to the June 22 Draft of Tracking Compliance and Scope.

Best regards,


<June26 Tracking Compliance and Scope Change Submission.pdf>

Jack L. Hobaugh Jr
Network Advertising Initiative | Counsel & Senior Director of Technology
1634 Eye St. NW, Suite 750 Washington, DC 20006
P: 202-347-5341<tel:202-347-5341> | jack@networkadvertising.org<mailto:jack@networkadvertising.org>

Jack L. Hobaugh Jr
Network Advertising Initiative | Counsel & Senior Director of Technology
1634 Eye St. NW, Suite 750 Washington, DC 20006
P: 202-347-5341 | jack@networkadvertising.org<mailto:jack@networkadvertising.org>
<NAI-DAA-DMA June 26 draft compared to June 22 Tracking Compliance and Scope copy.pdf>
Received on Tuesday, 9 July 2013 15:20:39 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:16 UTC