- From: Nicholas Doty <npdoty@w3.org>
- Date: Sat, 24 Dec 2011 02:19:40 -0500
- To: "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>
- Cc: Dennis Riedel <dennis.riedel@united-internet-media.de>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-Id: <B93EDEEB-693C-4488-B232-6EC72BF6497E@w3.org>
This is a proposal for the Tracking Preference Expression document. I agree with Vincent's description below, but just to be clear (in case the proposal that Shane sent around wasn't), the user-agent-managed exception proposal covers exceptions for third parties in a particular first party contexts, not site-specific exceptions for tracking by first parties. This implicitly assumes that the compliance document will grant an exemption for first-party tracking for first-party purposes (or simply that exceptions for first-party tracking won't be granted through this type of mechanism), but we could also adjust the mechanism to grant site-specific exceptions to the first parties themselves, if the compliance document moves in a direction where that would be helpful. Thanks, Nick On Dec 22, 2011, at 9:34 AM, TOUBIANA, VINCENT (VINCENT) wrote: > If the contracted third parties are covered by an exemption then Wired would not have to ask for user’s consent. There seems to be an exemption for siloed third party analytics according to the drafted proposal for Issue 31 sent this morning (http://lists.w3.org/Archives/Public/public-tracking/2011Dec/0193.html). > Wired would only have to ask user consent for third parties that are not covered by exemptions. > > Vincent > > De : Dennis Riedel [mailto:dennis.riedel@united-internet-media.de] > Envoyé : jeudi 22 décembre 2011 14:21 > À : public-tracking@w3.org > Objet : Re: ACTION-31: Write up a proposal for a user-agent-managed site-specific exception > > I have a question regarding this proposal in relation to what was said about first-party and DNT signal. As Lauren Gelman wrote recently what seems to be derived from the latest discussions: > > „A DNT ON user visits Wired. Wired as a first party is the ONLY party that can collect information from the session. It can combine that information with other information it has on the user. Wired must keep info silo'd and CANNOT transfer any info it to third parties. It CAN transfer information per exceptions to outsource certain tasks that are generally accepted as necessary to manage a website (i.e. to service providers for analytics, to service providers to provide content management or user management, even to create user segments based on data collected only on their site). But the Service providers must act in the shoes of the publishers and keep info silo'd on behalf of their clients and cannot use it for any other purpose, or combine it with any data from other clients. Third parties (widgets, ad networks, lots of others yet to be invented) cannot themselves collect information about the user and thus also cannot transfer. If there is a "significant user interaction" that sufficiently triggers a change in users' expectations, they can turn into First Parties. Then they can act under the same rules as applies to Wired.“ > > How does this description fit together with this proposal? > Would Wired have to ask the user for consent using the mechanisms described in this proposal for itself and its contracted 3rd-parties, although all data in this request is processed only for the purpose and use of Wired? > Or is this a seperate discussion for a TPL recommendation not related to the Tracking Compliance and Scope Specification and Tracking Preference Expression (DNT) > > Thank you.
Received on Saturday, 24 December 2011 07:19:57 UTC