- From: Giles Hogben <giles.hogben@jrc.it>
- Date: Wed, 10 Dec 2003 16:57:55 +0100
- To: <public-p3p-spec@w3.org>
- Cc: <rigo@w3.org>
- Message-ID: <000001c3bf36$5fd83550$362abf8b@cs.jrc.it>
Here is an attempt at a clear description of the problem discussed on the last couple of calls Advert providers cannot be considered data controllers because they act purely as a pipeline for data which is passed to entities posting ads. Furthermore, responsibility is not based on the URL of the advert but usually on the URL of the referrer page for the advert + the URL of the advert. This means that the normal mechanisms for P3P policy binding do not work because the practices connected to data collection for a particular ad are neither a function of the ad url NOR of the referring url but a combination of the two. Even an attempt to define a policy binding based on a combination of the ad and the referrer would fail because sometimes the referrer is missing. See attached diagram Perhaps people could comment on whether this description is clear. What we need is something that can give us policy reference files which could point to policies applying to for example Ford Motor Company ads posted on Google. I am still not entirely clear why using a combination of the referer and the ad uri could not be used as a binding. The fact that the referrer may be missing seems not so relevant because if it is missing, then data probably won't be collected anyway. ------------------------------------- Giles Hogben European Commission Joint Research Centre Institute for the Protection and Security of the Citizen Cybersecurity New technologies for Combatting Fraud Unit
Attachments
- image/gif attachment: webadproblem.gif
Received on Wednesday, 10 December 2003 11:03:42 UTC