Re: DNT:1 and "data append" from David Singer on 2013-03-19 (public-tracking@w3.org from March 2013)

From: David Singer <singer@apple.com>
Date: Tue, 19 Mar 2013 13:55:10 -0700
To: ifette@google.com
Cc: Working Group <public-tracking@w3.org>
Message-id: <F181DA76-EB49-4B94-8416-32B9E8709F45@apple.com>

Yes, I get that, but the example given of FedEx doesn't make sense to me.  DNT is about the communication between users (and their user-agents) and sites/servers.  Unless FedEx were *also* a 3rd party on the 1st party site, then what the first communicates to them (or anyone else, including posterity in their memoirs) is a concern for the privacy policy, not DNT.

'Data append' doesn't give me enough … um … data … about who wants to append what data to what other data.

Is this about the data a 1st party site sees, and appending to previously collected data as a 1st party?  (If DNT:1 is set, then there isn't any previous 3rd party data).  If so, I can't see any reason for a set of rules, or a set that would work.

Is this about data a 3rd party site sees, and it has data collected as a 1st party?  The rules are fairly clear, I think, on that also.

Is this about data that the 1st party sees, and passes to a 3rd party for them to add?  The rules seem clear on both the passing and the retention there, also.

Someone clue me in what the question/scenario is?

On Mar 19, 2013, at 10:04 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:

> David,
> 
> John's text was explicitly proposing restrictions on first parties. ("A 1st Party MUST NOT...")
> 
> 
> On Mon, Mar 18, 2013 at 6:16 PM, David Singer <singer@apple.com> wrote:
> 
> On Mar 18, 2013, at 15:52 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:
> 
>> Presumably there would be some carve-outs here? E.g. if you come to my site with DNT1 and buy something with me,
> 
> then the site just became a first party (unless somehow the user can buy without knowingly interacting with the site…), and there are few rules for you...
> 
> John, can you back up a bit and remind me what the scenario is that troubles you, and then I can try to be more helpful...
> 
>> I'm going to share identifiable information with FedEx so that they can deliver your product...
>> 
>> 
>> On Mon, Mar 18, 2013 at 3:44 PM, John Simpson <john@consumerwatchdog.org> wrote:
>> Colleagues,
>> 
>> I wanted to propose some privacy friendly text that would cover the "data append" situation when DNT:1 is sent.  I think others are working on possible language,  but I wanted to make my proposed language available for consideration and discussion.
>> 
>> Normative
>> When DNT:1 is received:
>> 
>> -- A 1st Party MUST NOT share share identifiable data with another party.
>> -- A 1st Party MUST NOT combine identifiable data from another party with data it has collected while a 1st Party.
>> 
>> 
>> Cheers,
>> John
>> 
>> ---------
>> John M. Simpson
>> Privacy Project Director
>> Consumer Watchdog
>> 2701 Ocean Park Blvd., Suite 112
>> Santa Monica, CA, 90405
>> Tel: 310-392-7041
>> Cell: 310-292-1902
>> www.ConsumerWatchdog.org
>> john@consumerwatchdog.org
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 19 March 2013 20:55:38 UTC