RE: Issue-32, Sharing of data between entities via cookie syncing / identity brokering

I would like to echo Shane's concerns around cookie synching, which can provide consistency between systems.

JC
Twitter<http://twitter.com/jccannon7>

From: Shane Wiley [mailto:wileys@yahoo-inc.com]
Sent: Wednesday, December 21, 2011 6:37 AM
To: TOUBIANA, VINCENT (VINCENT); public-tracking@w3.org
Cc: aleecia@aleecia.com
Subject: RE: Issue-32, Sharing of data between entities via cookie syncing / identity brokering

Vincent,

This is a good start but I believe we'll need the ability to move forward with cookie syncing even if DNT is turned on in those cases where the sync is used only for allowed operational exceptions (such as frequency capping, logging impressions for financial purposes, security, or aggregated reporting).  Cookie syncing has an unfair reputation when it is simply a technical necessity for two systems to communicate about a given web browser with the same ID (in no way linked to personally identifiable information) across diverse platforms.  As long as the map is leveraged only for accepted operational purposes, I don't believe there should be an issue here.  If the DNT signal is turned on for either the DSP or SSP, no profiling should occur for that transaction and no historical profiles should be leveraged for targeting in that case either.

- Shane

From: TOUBIANA, VINCENT (VINCENT) [mailto:Vincent.Toubiana@alcatel-lucent.com]
Sent: Wednesday, December 21, 2011 7:11 AM
To: public-tracking@w3.org
Cc: aleecia@aleecia.com
Subject: Issue-32, Sharing of data between entities via cookie syncing / identity brokering

Proposed language:
"The operator of third-party domain acting as a Supply Side Platform (SSP) receiving [DNT-ON] MAY start a cookie syncing procedure (i.e. transmit its segment ID  to DSP) but MUST NOT retain information related to the communication initiated by the User-Agent or any resulting communication.
A third party acting as a Demand-Side Platform (DSP) receiving [DNT-ON] during a cookie syncing procedure MUST NOT collect, use or retain any information related to that communication."

Background:
In a cookie syncing procedure a Demand-Side Platform (DSP) aim to match a cookieXYZ (corresponding to its domain) to the cookieABC set by the Supply Side Platform (SSP) for the same User-Agent U. Cookie syncing requires that the SSP adds a 1x1 pixel from the DSP domain. The SSP has to pass the string "cookieABC" corresponding to ids domain to the DSP through the URL of this 1x1 pixel. The DSP parses the "cookieABC" in the URL and associates it to the cookieXYZ for its domain. Once the cookies have been matches, the DSP will be able to re-target U on the SSP affiliated sites.

Alternative:
I tried propose a draft that would not break cookie syncing when the DSP has been granted an exemption while the SSP hasn't. If this approach does not work, a simpler solution is to prohibit cookie syncing when the third party receives DNT:ON.

Received on Wednesday, 21 December 2011 15:19:32 UTC