RE: first-party third-party from Mike O'Neill on 2015-12-10 (public-tracking@w3.org from December 2015)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 10 Dec 2015 14:29:40 -0000
To: "'Rob Sherman'" <robsherman@fb.com>, <public-tracking@w3.org>
Cc: "'Nick Doty'" <npdoty@w3.org>
Message-ID: <031701d13357$350beb80$9f23c280$@baycloud.com>
Thanks Rob, I agree the idea is to clarify the distinction rather than
reopen the issue. 

 

One problem is the definition of Party refers to entities while First Party
and Third Party refer to roles. ( A Service Provider is acting in the role
of its contractee in the particular network interaction). 

 

How about the following (I have taken your suggested wording and formatted
it to be added as non-normative text to the Party definition, and renumbered
the paragraphs describing dependant definitions):

 

2.5 Party

 

A party is a natural person, a legal entity, or a set of legal entities that
share common owner(s), common controller(s), and a group identity that is
easily discoverable by a user. Common branding or providing a list of
affiliates that is available via a link from a resource where a party
describes DNT practices are examples of ways to provide this
discoverability.[no change]

 

When data pertaining to a user’s actions is collected as a result of one or
more network interactions a Party acts in one of three roles defined below,
i.e. as a Service Provider, as a First Party or as a Third Party. These
terms are not meant to denote the business practices of entities as a whole,
but rather to describe a party’s role in a particular network interaction.
In each interaction an origin server (controlled by a Party)  determines in
which of these roles it is operating and follows the relevant procedures
described under [Server Compliance]

 

2.5.1 Service Provider

 

[same Definition as existing 2.6]

 

2.5.2 First Party

 

[same Definition as existing 2.7]

 

2.5.3 Third Party

 

[same Definition as existing 2.8]

 

From: Rob Sherman [mailto:robsherman@fb.com] 
Sent: 10 December 2015 05:09
To: Mike O'Neill <michael.oneill@btinternet.com>; public-tracking@w3.org
Cc: 'Nick Doty' <npdoty@w3.org>
Subject: Re: first-party third-party

 

Mike,

 

I’m not sure that this text helps clarify, and it seems in some ways
inconsistent with other provisions of the text that have been agreed upon by
the Working Group.  For example, your proposal specifies that there can only
be a single first party in a particular network interaction, whereas Section
2.7 envisions that in some cases there may be multiple first parties to a
given network interaction.  Likewise, the standard you specify below (“the
entity that a user deliberately intended, in any particular action, to
interact with”) is different from the language that’s specified in the
agreed-upon text.  I don’t think it’s necessary or appropriate to redefine
these terms, especially after so much detailed discussion of these issues
over the years within the Working Group — and I worry that doing so in this
way could introduce multiple definitions, which could increase confusion
rather than solve it.

 

If I’m understanding correctly, the main misunderstanding is that some
people who haven’t been actively involved in our discussions may believe
that the terms “first party” and “third party” are intended to characterize
the business practices of particular entities as a whole, rather than to
describe their roles in a particular network interaction.  Would making just
that clarification in non-normative text help address the concern without
reopening the substantive issue?

 

Rob

 

 

Rob Sherman

Facebook | Deputy Chief Privacy Officer

1299 Pennsylvania Avenue, NW | Suite 800 | Washington, DC 20004 |
202.370.5147 

 

From: Mike O'Neill <michael.oneill@btinternet.com
<mailto:michael.oneill@btinternet.com> >
Date: Thursday, November 26, 2015 at 9:50 AM
To: "public-tracking@w3.org <mailto:public-tracking@w3.org> "
<public-tracking@w3.org <mailto:public-tracking@w3.org> >
Cc: Nicholas Doty <npdoty@w3.org <mailto:npdoty@w3.org> >
Subject: first-party third-party
Resent-From: <public-tracking@w3.org <mailto:public-tracking@w3.org> >
Resent-Date: Thursday, November 26, 2015 at 9:51 AM

 

Here is some text aiming to clear up the evident misunderstandings about
parties. It could go in the introduction of the TCS or in the Compliance
paragraph 

 

For the sake of clarity, a first party, as defined in the Definitions
section of this document, is the entity that a user deliberately intended,
in any particular action, to interact with. Other entities, whether or not
they manage servers receiving DNT signals as part of that interaction, are
third parties to that user action. The terms “first party” and “third party”
is not meant to indicate a particular type of entity but only to
differentiate between those that a user intended to interact with, and those
they did not.
Received on Thursday, 10 December 2015 14:30:15 UTC