Re: tracking-ISSUE-219 from Nicholas Doty on 2013-10-09 (public-tracking@w3.org from October 2013)

From: Nicholas Doty <npdoty@w3.org>
Date: Wed, 9 Oct 2013 00:33:03 -0700
To: Walter van Holst <walter.van.holst@xs4all.nl>, Justin Brookman <jbrookman@cdt.org>, Alan Chapell <achapell@chapellassociates.com>, John Simpson <john@consumerwatchdog.org>
Cc: Tracking Protection Working Group <public-tracking@w3.org>
Message-Id: <C7E4066F-3BAD-43E3-BA83-BE0698AC9F05@w3.org>

Thanks, Walter, and thanks for highlighting the situation, Justin.

I've created a separate page tracking change proposals for issue-219, and renamed issue-219 to be specific to limitations on use in a third party context of data collected in a first party context. (Walter, I believe that to be the aim of your change proposal, but if you think I've misunderstood, please correct me.)

http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context

Two existing change proposals (from Alan and Yianni) we had tracked under issue-170 (first-party compliance) were specific to this topic, so I've moved those over, along with Walter's proposed change and Rob's proposed no change. Walter and Alan, it may be that you can combine your proposals and if so -- great! (I personally find it easier to understand Walter's text change, for what it's worth.)

John Simpson, your proposal regarding first-party compliance had three parts to it, of which the last is a prohibition similar to what Walter has described. I suspect that it would actually be clearer to have that text in the third-party compliance section, but in the meantime, that bullet is still in the change proposal for issue-170, and I've added a link on that page over to issue-219, since there is that overlap.

Thanks,
Nick

On October 2, 2013, at 7:23 AM, Justin Brookman <jbrookman@cdt.org> wrote:

> Thanks, Walter.
> 
> Nick, this is similar to text previously proposed by Alan Chapell (and possibly John Simpson as well?), so Alan's language which is currently here in the wiki: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_First_Party_Compliance should probably be moved to a new page that includes Walter's issue/text.
> 
> I think the issues of "first party compliance as a first party" and "first party compliance subsequently as a third party" are sufficiently distinct that we should treat them separately.
> 
> On Oct 2, 2013, at 9:59 AM, "Tracking Protection Working Group Issue Tracker" <sysbot+tracker@w3.org> wrote:
> 
>> tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current]
>> 
>> http://www.w3.org/2011/tracking-protection/track/issues/219
>> 
>> Raised by: Walter van Holst
>> On product: Compliance Current
>> 
>> The current standard allows for a) 1st parties that sometimes also are 3rd parties to b) use data gathered in that 1st party quality when in a 3rd party quality. This runs counter to reasonable user expectations and against the very core issue: the tracking across different contexts. Therefore:
>> 
>> "the third party MUST NOT use data about previous network interactions in which it was a third party, outside of the permitted uses as defined within this recommendation and any explicitly-granted exceptions, provided in accordance with the requirements of this recommendation."
>> 
>> Should replaced with:
>> 
>> "the third party MUST NOT use data bout previous network interactions in which it was a party, outside of the meritted uses as defined within this recommendation and any explicitly-granted exceptions, provided in accordance with the requirements of this recommendation."
>> 
>> 
>> 
>

Received on Wednesday, 9 October 2013 07:33:27 UTC