W3C home > Mailing lists > Public > public-tracking@w3.org > September 2013

Re: Party definition, was: Re: proposed short-term changes to TCS (ISSUE-10)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Mon, 23 Sep 2013 10:09:38 +0200
Message-ID: <523FF742.7090507@schunter.org>
To: public-tracking@w3.org
Hi Roy et. al.,

thanks a lot for starting a discussion on potential change proposals for 
the party definition. I assume this is meant as input to ISSUE-10: Once 
we agree what a party is, defining a "first party" should be easier.

Could you ensure that the "final" set of change proposals are sent to 
Nick/Wendy to be included into the Wiki?

Thanks a lot,

matthias

On 23/09/2013 04:40, Roy T. Fielding wrote:
> On Sep 21, 2013, at 6:09 AM, Walter van Holst wrote:
>> On 21/09/2013 01:20, Roy T. Fielding wrote:
>>
>>>>   2.4 Party
>>>>
>>>>    A party is any commercial, nonprofit, or governmental organization, a
>>>>    subsidiary or unit of such an organization, or a person. For unique
>>>>    corporate entities to qualify as a common party with respect to this
>>>>    document, those entities MUST be commonly owned and commonly controlled
>>>>    and MUST provide easy discoverability of affiliate organizations. A list
>>>>    of affiliates MUST be available through a single user interaction from
>>>>    each page, for example, by following a single link, or through a single
>>>>    click.
>>> Replace with:
>>>
>>>   A party is either a person or a set of legal entities that share a
>>>   common owner, controller, and public identity that is easily
>>>   discoverable by a user.
>> Dear Roy,
>>
>> Your definition is a substantial improvement over the current text, so
>> I'd prefer it regardless of whether the WG would accept the following
>> tweaks:
>>
>> A party is either a natural person, a legal entity or a set of legal
>> entities that share (a) common owner(s), controller(s) or public
>> identity that is easily discoverable by a user or which a user can be
>> reasonably expected to be aware of. In the case of a set of legal
>> entities the discoverability of their affiliation MUST be provided
>> through a single user interaction from each page, for example by
>> following a single link or through a single click.
>>
>> The reason I'd like to retain the provisioning of affiliation of the
>> original text is that it provides for an objective criterium whether the
>> discoverability principle is upheld or not. Which is helpful for the
>> transparency that this standard should contribute to.
> Hi Walter,
>
> Thanks for the input.  I understand your desire to add objective
> criteria for discoverability, but there are three problems here:
>
> First, we aren't talking about pages, so requiring something be
> added to every page can only be responded to with "What page?".
> A first party isn't required to have pages.
>    
> Second, I don't think it is appropriate for this standard to
> require the addition of content to every page on the Internet.
> I won't accept that as a requirement.  Requiring that information
> be present in the privacy policy is sufficient, IMO, since that
> is where data collectors will address relevant privacy concerns.
>
> Third, this section is only attempting to define what is a
> first party.  There is an entire section, later in the document,
> for requirements on first party conformance.  If we are to make
> such a requirement, it belongs there.  In other words, a site
> is a first party whether or not it has such links, so what your
> text is really saying is that the first party must have those
> links in order to share the data across more than one site.
> Hence, it is a conformance requirement on sharing, not part
> of the definition of a first party.
>
> In terms of phrasing, "a set of legal entities that share (a)
> common owner(s), controller(s) or public identity" seems to make
> that an OR choice (any one of), whereas I am pretty sure the other
> WG members want it to be common ownership AND control AND a
> discoverable.  Likewise, "or which a user can be reasonably
> expected to be aware of" seems redundant and impossible to test.
>
> The following is also fine with me:
>
>    A party is a natural person, a legal entity, or a set of legal
>    entities that share common owner(s), common controller(s), and
>    a group identity that is easily discoverable by a user.
>
>
> Cheers,
>
> Roy T. Fielding                     <http://roy.gbiv.com/>
> Senior Principal Scientist, Adobe   <https://www.adobe.com/>
>
>
Received on Monday, 23 September 2013 08:10:02 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:18 UTC