Re: Change proposal for ISSUE-5 ­ Definition of Tracking

Thanks Justin. I'm speaking on a panel at the IAPP tomorrow during our call.

I'll start to put together examples per your request.

Alan


From:  Justin Brookman <jbrookman@cdt.org>
Date:  Tuesday, October 1, 2013 2:13 PM
To:  Alan Chapell <achapell@chapellassociates.com>
Cc:  <public-tracking@w3.org>
Subject:  Re: Change proposal for ISSUE-5 ­ Definition of  Tracking

> Thanks for the precise and documented change proposal!
> 
> Whether or not this issue gets addressed in the definition of tracking, I
> think it has to get addressed in the definition of party either way.  That is,
> because *tracking* is not an operational term in the document, a company's
> cross-site activities might not be considered tracking under your definition,
> but they still might be prohibited by the standard because of a narrow
> definition of parties and a prohibition on third-party collection absent an
> operational permitted use or UGE.  So I think you should adapt your language
> below to a proposal on ISSUE-10 (as well or in lieu of this) --- if you can
> provide specific language for the call tomorrow great; otherwise we can
> discuss the concept and expect a proposal by October 9.
> 
> Also, if you could provide some examples for how this might work in practice
> under a common branding/contract regime, I think that would be useful for the
> group to consider.  One example I brought up on the call last week was DAA/IAB
> membership --- would multiples companies (including publishers, ad networks,
> and others) publicly ascribing to those codes render them one party under your
> definition?  Or would the branding have to be more robust than that?  I just
> want to tease out what this means!
> 
> Both ISSUE-5 and ISSU-10 will be discussed tomorrow, and I think we can fold
> your new issue into those discussions.
> 
> On Oct 1, 2013, at 1:47 PM, Alan Chapell <achapell@chapellassociates.com>
> wrote:
> 
>> I propose the following change proposal for ISSUE-5 ­ Definition of Tracking
>>  
>> This builds on a definition that was previously submitted by Roy.
>>  
>> “Tracking is the act of following a particular user's browsing activity
>> across multiple distinct contexts, via the collection or retention of data
>> that can associate a given request to a particular user, user agent, or
>> device, and the retention, use, or sharing of data derived from that activity
>> outside the context in which it occurred. For the purposes of this
>> definition, a context is a set of resources that EITHER: a) share the same
>> owner, data controller and a common branding, such that a user would expect
>> that data supplied to one of the resources is available to all of the others
>> within the same context, OR b) enter into contract with other parties
>> regarding the collection, retention, and use of data, share a common branding
>> that is easily discoverable by a user, and describe their tracking practices
>> clearly and conspicuously in a place that is easily discoverable by the
>> user." 
>>  
>> Rationale: I believe that we have WG consensus that common ownership, control
>> and branding provides sufficient transparency and privacy controls. Building
>> on some of David Wainberg’s recent posts, I believe that branding and
>> contractual provisions provide an equivalent level of transparency and
>> control.
>>  
>> I’m not sure if this concept should reside in the definition of of tracking,
>> or if it should sit elsewhere. I’m open to the input of the group.
>>  
>> Alternatively, we can insert this concept into the definition of First Party
>> or attempt to address data collection by context rather than by party. The
>> rationale behind the latter is that it reduces likely confusion about who is
>> a party under each specific use case, and aligns better with user
>> understanding and expectations about how data will be processed.
>>  
>> As this is an important issue that could be placed in a number of sections of
>> our specification, I’m opening up a separate issue to help ensure it doesn’t
>> fall through the cracks.
>> 
>> Alan 
>