- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Wed, 20 Mar 2013 20:31:22 -0000
- To: "'Jeffrey Chester'" <jeff@democraticmedia.org>, "'Rigo Wenning'" <rigo@w3.org>, "'Chris Pedigo'" <CPedigo@online-publishers.org>
- Cc: <public-tracking@w3.org>, <ifette@google.com>, "'David Singer'" <singer@apple.com>
Hi Chris, The problem I have with the data append concept, when DNT is set, is that a unique user identifier needs to be shared between the parties, in order that the appended data can be connected to a specific user. So personal data (cookie identifiers, IP addresses etc. are considered personal data in the EU) has to be shared to make it work, perhaps with other collected data such as the URI (passed for example in a Referer(sic) header). If one of the parties is a data processor for the data controller, then this could be indicated using David's service-provider mechanism and no further exemption is needed. Have you a specific example which does not require sharing a UID or other personal data (and no service provider contracts are in place)? Mike -----Original Message----- From: Jeffrey Chester [mailto:jeff@democraticmedia.org] Sent: 20 March 2013 18:57 To: Rigo Wenning Cc: public-tracking@w3.org; Chris Pedigo; ifette@google.com; David Singer Subject: Re: DNT:1 and "data append" First parties now engage in data append with many, many data partners for targeting. It's a common practice and should not be permitted when a user signals DNT.
Received on Wednesday, 20 March 2013 20:31:53 UTC