Primary Purpose from Stampley, David A on 2004-03-10 (public-p3p-spec@w3.org from March 2004)

From: Stampley, David A <David_Stampley@reyrey.com>
Date: Wed, 10 Mar 2004 10:56:51 -0500
To: "'public-p3p-spec'" <public-p3p-spec@w3.org>
Message-ID: <E8D4EE6BF5F18243A242B376BE0FA53F052E1261@oh18ex04.reyrey.com>

Okay.  I have promised to deliver and then gone back and juggled various
taxonomy configuration.  

 

1.  Challenge:  Goal is to facilitate user's ability to make an informed
privacy choice.  A catalog of conceivable primary purposes will inevitably
be incomplete and imprecise.  

 

2.  Question:  I assume it is required that the user be able to obtain the
primary purpose info before the web site collects any user data.  Does this
mean it is required that the data about primary purpose be transmitted
before a user views a web page?  As you see from the proposal below, this is
a key question.  If the purpose can be linked to the context of the display,
a more efficient, context-driven "primary purpose" is possible, as in items
3.a and 3.b, below.

 

3.  Proposal:  Instead of attempting a comprehensive list (e.g., "Top 20
purposes"), please comment on purposes specified in the following ways:

 

   a.  TRANSPARENT, USER-REQUESTED TRANSACTION:  The primary purpose is that
which should be apparent to the user based on clear and conspicuous
information displayed on a web page at or preceding the point of data
collection required to complete a user's transaction request.  (E.g.,
magazine subscription page, product purchase pages))

 

   b.  TRANSPARENT, NON-USER-REQUESTED TRANSACTION:  The primary purpose is
that which should be apparent to the user based on clear and conspicuous
information displayed on a web page at or preceding the point of data
collection required to complete the site's information request.  (E.g.,
website solicits information to include in 360-degree, PII-linked profile
[yes, I know that this scenario is unlikely]; sweepstakes form would
probably fit here, though it would also probably be dual-purposed [3.a +
3.b])

 

   c.  TRANSPARENT NON-USER-REQUESTED NAVIGATION OR PAGE CONSTRUCTION:
E.g., website personalization [local weather based on user's zip code input]

 

 

   c.  NON-TRANSPARENT NON-USER-REQUESTED NAVIGATION OR PAGE CONSTRUCTION:
E.g., ad display, redirect

 

   d.  NON-TRANSPARENT NON-USER-REQUESTED COLLECTION FOR PURPOSE OF
RETAINING INDIVIDUAL DATA:  E.g., might be 360-degree, data aggregation,
anonymous, pseudonymous, or identified.

 

   d.  NON-TRANSPARENT NON-USER-REQUESTED COLLECTION FOR PURPOSE OTHER THAN
RETAINING USER'S DATA:  E.g., creation of server logs for audit purposes;
website traffic management stats.

 

 

 

Dave Stampley

Senior Corporate Counsel and Director, Privacy

The Reynolds and Reynolds Company

One Reynolds Way, Dayton, OH  45430

v.     937-485-0424

f.      866-246-0507

david_stampley@reyrey.com

 

THIS EMAIL IS CONFIDENTIAL AND MAY ALSO BE LEGALLY PRIVILEGED.  IF YOU HAVE
RECEIVED THIS EMAIL IN ERROR, PLEASE NOTIFY THE SENDER IMMEDIATELY BY RETURN
EMAIL AND THEN DELETE THIS EMAIL FROM YOUR SYSTEM WITHOUT COPYING OR USING
THE EMAIL FOR ANY OTHER PURPOSE OR DISCLOSING IT CONTENTS.

Received on Wednesday, 10 March 2004 10:56:55 UTC