W3C home > Mailing lists > Public > www-p3p-policy@w3.org > October 2002

Data Collection Outsourcer

From: Andrew Gaudin <agaudin@sbcglobal.net>
Date: Wed, 2 Oct 2002 10:12:13 -0700
To: <www-p3p-policy@w3.org>
Message-ID: <HPEIJCDPGOKAODHGDEMFEEMPCNAA.agaudin@sbcglobal.net>

Greetings:

My client provides (using an ASP model) data collection and warehousing
services for its customers.  My client utilizes a third-party cookie (i.e.,
one that is served from the client's domain) in connection with providing
these services.  My client does not use the data it collects for any purpose
other than to provide its services to its customer and will not disclose the
data to anyone other than its customer (except pursuant to subpoena, court
order, etc.).  In this way, my client acts as an agent for its customer with
respect to data collection.

We do not believe that the current specifications address our situation.
While the predefined purposes (section 3.3.4) do in fact describe what the
client's customer may do with the data, there does not appear to be a
predefined "Purposes" element  that describes the purpose for which my
client collects the data ("to provide services to its web site customer").
If my client lists "Other Purpose", its cookies will not be accepted in a
setting above Medium-High (it employs an "opt-out" mechanizm), which my
client does not find acceptable.

If my client was to include the "non-identifiable" element, this issue might
be resolved, but it does not seem that the section was really designed for
this situation either.

Thoughts?

Thank you.
Andy
Received on Wednesday, 2 October 2002 15:14:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT