Re: DNT:1 and "data append"

Thanks for sending out the text, John. I think it would be conceptually
clean if the "data append" discussion were to also cover linking of data
received as a first party with data received as a third party.

Here's a concrete example. ExampleSocial has widgets embedded on other
sites all over the web. A user who is signed into ExampleSocial may
ordinarily get a personalized experience when browsing ("omg, here are
your friends who also love justinbiebertotallyrules.com"). For DNT:1
users with no site exception for ExampleSocial, we must ensure that
ExampleSocial cannot link the data it has received as a third-party with
first party data. In other words, even if ExampleSocial receives a
session cookie (or tracking cookie), it is NOT allowed to use that
cookie to retrieve personal information in order to display a
personalized widget on justinbiebertotallyrules.com, or in any way link
any information from the request it receives on the third party site
with first-party data. If we forbid ExampleSocial this linking, we of
course will have forbidden data append in this instance.

Dan

PS Miraculously, justinbiebertotallyrules.com doesn't appear to be a
registered domain. Yet.

On 03/19/2013 03:10 PM, Jeffrey Chester wrote:
> DNT should halt the practice of digital data append data chaining that
> is now the norm in the industry.  First and third parties have
> seamlessly integrated real-time and complex forms of data append--used
> for profiling, tracking, offers, etc.  DNT:1 should signal to First
> parties:  No append without informed prior consent.  Otherwise DNT
> will be meaningless.
>
>
>
>
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org <http://www.democraticmedia.org>
> www.digitalads.org <http://www.digitalads.org>
> 202-986-2220
>
> On Mar 19, 2013, at 3:19 PM, Chris Pedigo wrote:
>
>> John, I continue to have many concerns about a “data append”
>> restriction.  Below, I have addressed what I perceive to be two
>> concerns raised by proponents of a Data Append restriction.  But, I
>> am curious to know if you have additional concerns or comments.
>>  
>> 1)      Concern:  In the process of a 1st party acquiring data, the
>> 1st party may inadvertently share data with a third party (namely
>> that a DNT:1 user visited the 1st party’s site).
>>  
>> I believe the standard already addresses this concern as 1st
>> parties are prohibited from sharing data with a 3rd party that it
>> could not otherwise collect for its independent use.  Indeed, many
>> “data appends” are conducted today using a double blind approach so
>> that the 3rd party never sees the 1st party data.  In some cases,
>> the 3rd party may see the data, but it would be contractually
>> prohibited from using the data for its own use.  Thus, it could
>> qualify under the service provider provision (contract + no
>> independent right to use data).  Regardless of today’s practices, the
>> prohibition on 1st parties sharing data would address this concern.
>>  
>> 2)      Concern:  1st parties should be prohibited from building
>> profiles about its users.
>>  
>> My concern with this kind of prohibition is that it would be
>> completely inappropriate and out of scope for DNT.  In a world where
>> 1st parties cannot share data and 3rd parties cannot collect data
>> about DNT:1 users, there are only certain kinds of data sets that
>> would remain available to be appended – publicly available data, data
>> collected with consent, off-line data and pre-DNT data.  I think
>> there is broad agreement that none of these data sets should be
>> restricted by DNT.  Moreover, we have already largely exempted 1st
>> parties from DNT, because consumers have different expectations with
>> regard to 1st parties.  They have a direct relationship with the
>> 1st party since they chose to visit the site and consumers have
>> fundamental choices about the sites they can visit (or not visit).
>>  
>> Also, let’s take this one step further – what happens after a
>> publisher has learned more about its audience?  Under the rules of
>> DNT, it still cannot share data about DNT:1 users.  So, how would a
>> publisher use this appended data set for its internal purposes? 
>> There are a few ways it would be used – 1st party marketing,
>> audience measurement and content personalization are the primary
>> purposes.  IMO, none of these uses violate a user’s expectations. 
>>  
>> In summary, I think DNT is useful because it provides a clean, easy
>> way to express a preference with regard to 3rd party data
>> collection.  We should remain focused on providing this basic
>> functionality.
>>  
>>  
>> *From:* Ian Fette (イアンフェッティ) [mailto:ifette@google.com] 
>> *Sent:* Tuesday, March 19, 2013 1:05 PM
>> *To:* David Singer
>> *Cc:* Working Group
>> *Subject:* Re: DNT:1 and "data append"
>>  
>> David,
>>  
>> John's text was explicitly proposing restrictions on first parties.
>> ("A 1st Party MUST NOT...")
>>
>>  
>>
>> On Mon, Mar 18, 2013 at 6:16 PM, David Singer <singer@apple.com
>> <mailto:singer@apple.com>> wrote:
>>  
>> On Mar 18, 2013, at 15:52 , Ian Fette (イアンフェッティ)
>> <ifette@google.com <mailto:ifette@google.com>> wrote:
>>
>>
>> Presumably there would be some carve-outs here? E.g. if you come to
>> my site with DNT1 and buy something with me,
>>  
>> then the site just became a first party (unless somehow the user can
>> buy without knowingly interacting with the site…), and there are few
>> rules for you...
>>  
>> John, can you back up a bit and remind me what the scenario is that
>> troubles you, and then I can try to be more helpful...
>>
>>
>> I'm going to share identifiable information with FedEx so that they
>> can deliver your product...
>>
>>  
>>
>> On Mon, Mar 18, 2013 at 3:44 PM, John Simpson
>> <john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>> wrote:
>> Colleagues,
>>  
>> I wanted to propose some privacy friendly text that would cover the
>> "data append" situation when DNT:1 is sent.  I think others are
>> working on possible language,  but I wanted to make my proposed
>> language available for consideration and discussion.
>>  
>> Normative
>> When DNT:1 is received:
>>  
>> -- A 1st Party MUST NOT share identifiable data with another party.
>> -- A 1st Party MUST NOT combine identifiable data from another party
>> with data it has collected while a 1st Party.
>>  
>>  
>> Cheers,
>> John
>>  
>> ---------
>> John M. Simpson
>> Privacy Project Director
>> Consumer Watchdog
>> 2701 Ocean Park Blvd., Suite 112
>> Santa Monica, CA, 90405
>> Tel: 310-392-7041 <tel:310-392-7041>
>> Cell: 310-292-1902 <tel:310-292-1902>
>> www.ConsumerWatchdog.org <http://www.consumerwatchdog.org/>
>> john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>>
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>>  
>


-- 
Dan Auerbach
Staff Technologist
Electronic Frontier Foundation
dan@eff.org
415 436 9333 x134

Received on Tuesday, 19 March 2013 22:46:59 UTC
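
Added example, not part of the original message or of any participant's proposal: a sketch of the server-side behaviour Dan's ExampleSocial scenario asks for, where a widget request carrying DNT:1 in a third-party context is served without resolving the session cookie. The host names, the session store, the Referer-based context check and the `has_exception` flag are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OWN_HOST = "examplesocial.example"  # hypothetical first-party host

# Constructed first-party data, keyed by session cookie value.
PROFILES = {
    "sess-42": {"user": "alice", "friends": ["bob", "carol"], "seen_on": []},
}


def referer_host(headers):
    """Host of the embedding page, or "" when no Referer was sent."""
    return urlsplit(headers.get("Referer", "")).hostname or ""


def is_third_party(headers):
    """Assumed heuristic: first party only when the Referer is our own site.

    A missing Referer is treated as third party, so the check fails closed.
    """
    host = referer_host(headers)
    return not (host == OWN_HOST or host.endswith("." + OWN_HOST))


def render_widget(headers, cookies, has_exception=False):
    """Build the widget payload for one request.

    has_exception models a site exception granted to ExampleSocial
    (hypothetical flag; how exceptions reach the server is not modelled).
    """
    generic = {"personalized": False, "friends": [], "linked": False}
    dnt_on = headers.get("DNT", "").strip() == "1"
    embedded = is_third_party(headers)

    if dnt_on and embedded and not has_exception:
        # The cookie may arrive, but it is never resolved: no profile
        # lookup, and nothing from this request reaches first-party data.
        return generic

    profile = PROFILES.get(cookies.get("session", ""))
    if profile is None:
        return generic
    if embedded:
        # This write is the linking that the DNT:1 branch above avoids.
        profile["seen_on"].append(referer_host(headers) or "unknown")
    return {
        "personalized": True,
        "friends": list(profile["friends"]),
        "linked": embedded,
    }
```
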