Re: First-Party sets and the potential application of the JournalList trust.txt specification from Don Marti on 2022-01-10 (public-privacycg@w3.org from January 2022)

From: Don Marti <dmarti@cafemedia.com>
Date: Mon, 10 Jan 2022 11:28:01 -0800
To: Ralph Brown <ralph@brownwolfconsulting.com>
Cc: public-privacycg@w3.org, Scott Yates <scott@journallist.net>
Message-ID: <CACA0g+oO1z+VrYA2X-NwPkfz_Y_VucUEE69R_s3N3ypE=YW6zQ@mail.gmail.com>

Hi Ralph,

This could be very helpful. I do have a question about the "control" and
"controlledBy" fields, along with the definition of "control".

Right now there is still an open topic of discussion about how First-Party
Sets will define common control for members of a set.

There is a workable definition of "controller" in GDPR: "natural or legal
person, public authority, agency or other body which, alone or jointly with
others, determines the purposes and means of the processing of personal
data." FPS is intended to be international, but this definition is the best
one I have found so far.

(For purposes of trust in journalism, data controller would probably be
necessary but not sufficient--the definition of control would have to
include content-related control.)

Would you consider making the definition of "control" more specific, to
include the GDPR language or similar on data stewardship?

Best,
Don


On Mon, Jan 10, 2022 at 10:55 AM Ralph Brown <ralph@brownwolfconsulting.com>
wrote:

> Fellow Privacy Community Group members,
>
> Scott Yates (Executive Director, JournalList.net) and I shared this
> proposal with Kaustubha Govind last month and he recommended that we share
> it with the group.
>
> The work on First-Party Sets recently came to our attention which caused
> us to join the Privacy Community Group. We think it might be interesting to
> have a conversation about what we do at JournalList.net, which is publish
> the trust.txt specification document (attached).
>
> In short, it's a simple yet powerful way to expose relationship among
> websites (spec here
> <https://journallist.net/reference-document-for-trust-txt-specifications>),
> including the relationships of  “control” and “controlledby”.
>
> The original concept was to make the relationship among news organizations
> (publishers) and press associations explicitly readable by web browsers,
> web crawlers, programmatic ad buyers, researchers, etc. It is beginning to
> gain adoption among a number of press organizations, including
> the Associated Press and Digital Content Next.
>
> These symmetric relationships “control/controlledby”, (and others) are
> beneficial as they can expose entities that attempt to overstate their
> “control” or “membership” status. If the reciprocal relationship is not
> expressed, one has to question the assertion of this relationship. For
> example, if an entity attempts to overstate their “control” by including
> websites over which they do not have control, a missing “controlledby”
> relationship would expose this.
>
> In other words, if ap.org/trust.txt expressed that it controls
> https://apnews.com/trust.txt, that would be a quick and seamless way for
> a browser to ingest a first-party relationship. If scammysite.xyz expressed
> that it had a first-party relationship with ap.org, that would be easily
> disproved by looking at ap.org/trust.txt.
>
> By allowing entities to self publish their trust.txt file it avoids the
> centralized submission/validation process, while other mechanisms can be
> used post-hoc to validate/police the self published trust.txt files.
>
> We welcome a discussion among the group on this proposal.
>
> Regards,
>
> Scott Yates & Ralph Brown
> --
> Ralph W. Brown
> Founder
> Brown Wolf Consulting LLC
> 1355 S Foothills Hwy
> Boulder, CO 80305
> m: +1-303-517-6711
> e: ralph@brownwolfconsulting.com
> w: www.brownwolfconsulting.com
>
>
>

Attachments

image/jpeg attachment: Brown_Wolf_Consulting_Logo_Trandemark_Wide.jpg

Received on Monday, 10 January 2022 20:24:56 UTC