RE: fyi: Fingerprinting risk

I agree that was the intent, but the meaning has to be inferred from the text, which should say that same-party also covers service providers.

The name "same-party" adds to the confusion because it refers to a single entity (person legal or natural). What it actually contains is a list of domain names shared by multiple entities (data controllers and their data processors).

In my view a better name would be sameParties (simultaneously camel casing away the hyphen).

-----Original Message-----
From: Roy T. Fielding [mailto:fielding@gbiv.com] 
Sent: 08 May 2017 17:43
To: Mike O'Neill <michael.oneill@baycloud.com>
Cc: Rob van Eijk <rob@blaeu.com>; singer@apple.com; Matthias Schunter <mts-std@schunter.org>; public-tracking@w3.org
Subject: Re: fyi: Fingerprinting risk

> On May 6, 2017, at 1:01 AM, Mike O'Neill <michael.oneill@baycloud.com> wrote:
> 
> Same-party is defined in the TPE text as a list of domains (not persons) that “share the same data controller”, which must mean a set of domains managed by the same entity.

It says "for a site to distinguish those domains that are subject to their own control".
That includes the party and service providers (processors) for that party, which in the TPE are
considered the same party.

> If it is supposed to also cover data processors (acting for) for the same data controller we should amend the text.

Of course it is supposed to cover processors. It does that, by definition.
This is separate from the controller array, which identifies the data controllers
regardless of who processes the data.

....Roy

Received on Monday, 8 May 2017 17:43:10 UTC