- From: Ed Felten <ed@felten.com>
- Date: Fri, 18 Nov 2011 06:04:29 -0500
- To: Mike Zaneis <mike@iab.net>
- Cc: "<public-tracking@w3.org>" <public-tracking@w3.org>
Mike, Just to be clear, are you saying that the DAA Principles documents allow first parties to share data arbitrarily with third parties, regardless of user opt-out? On Fri, Nov 18, 2011 at 12:28 AM, Mike Zaneis <mike@iab.net> wrote: > Sorry Jeff and John, but the FTC and industry are on record with this issue. > Below are my original statements, none of which have been rebuked by the > FTC: > "I have to agree with Shane that first parties are outside of the scope of > the DNT proposal. In the U.S. this has been widely agreed too, with the > Federal Trade Commission stating that: > > "The (OBA Privacy) report concludes that fewer privacy concerns may be > associated with "first-party" and "contextual" advertising than with other > behavioral advertising, and concludes that it is not necessary to include > such advertising within the scope of the principles." > http://www.ftc.gov/opa/2009/02/behavad.shtm. > > While I understand that this is meant to be a global document, U.S. > companies operate under the assumption that they are not covered by third > party requirements, which raise more consumer concerns. > > Furthermore, it seems that making non-binding policy statements as to what > first parties "could" or "should" do is not within scope of the W3C mission > nor this particular document. > > It is unlikely that first parties would adhere to restrictions that they > have been told should not affect them and thus inclusion of such provisions > would diminish adoption of any W3C standard and would subject companies that > are outside of the scope of this document to unnecessary and unjustified > public scrutiny." > Mike Zaneis > SVP & General Counsel, IAB > (202) 253-1466 > On Nov 17, 2011, at 10:08 PM, "Jeffrey Chester" <jeffreychester@me.com> > wrote: > > The ftc's position on first and third parties is evolving, I believe. We > have provided them with evidence that the distinctions between first and > third parties has eroded because of real time bidding and other data > integration practices embraced by online publishing. As First parties import > outside data for user targeting from many sources simultaneously, a user's > decision regarding DNT for such provider partner sites could be ignored, I > fear. > > Jeff Chester > Center for Digital Democracy > Washington DC > www.democraticmedia.org > Jeff@democraticmedia.org > On Nov 17, 2011, at 4:31 PM, John Simpson <john@consumerwatchdog.org> wrote: > > Mike, > The FTC hasn't taken a position on this. That only happens when the > commissioners vote and they have not. I think what you're doing is > predicting what you think a majority would say if they voted. > Best, > John > On Nov 17, 2011, at 12:28 PM, Mike Zaneis wrote: > > This is where there is a fundamental split amongst the parties. We had a > discussion several weeks ago about the first party obligations and I pointed > out that IAB and my member companies generally support the U.S. FTC position > that consumers don't expect first parties to be subject to such > restrictions. Those positions have not changed. > > Mike Zaneis > SVP & General Counsel, IAB > (202) 253-1466 > On Nov 17, 2011, at 2:56 PM, "John Simpson" <john@consumerwatchdog.org> > wrote: > > Shane, > I don't understand why we would say that a 1st party most likely will not be > subject to the DNT signal. If we continue to use the 1st party/ 3rd party > distinction, it will likely (almost certainly) have different and probably > fewer obligations than a third party. It should still be subject to the > signal. > As a user I want the 1st party site to know that I have DNT configured. As > a 1st party site operator I want to know a visitor has configured DNT and is > sending me the signal. There will be some "musts", ie not sharing data from > a DNT configured user with 3rd parties, but if I am a responsible site > operator I may chose to go further in honoring the DNT request. For > instance I might chose to not even include the visitor in my analytics. I > need to know if DNT is configured and the way this happens is by being > subject to the DNT signal. > The obligations are different, but its important that we think of all sites > being subject to the DNT signal, once it is configured in the browser. > > 73s, > John > On Nov 17, 2011, at 7:22 AM, Shane Wiley wrote: > > Karl, > > This statement is an attempt to remove the concern that a 1st party, which > will mostly likely not be subject to the DNT signal, does not have a > backdoor opportunity to pass user data directly to a 3rd party (aka - > closing a loop-hole). 3rd parties present on the 1st party's web site > should honor the DNT signal directly. > > - Shane > > -----Original Message----- > From: Karl Dubost [mailto:karld@opera.com] > Sent: Thursday, November 17, 2011 5:40 AM > To: Shane Wiley > Cc: John Simpson; Jules Polonetsky; Nicholas Doty; Roy T. Fielding; Mark > Nottingham; <public-tracking@w3.org> > Subject: Re: "cross-site" > > > Le 16 nov. 2011 à 23:30, Shane Wiley a écrit : > > Alter statement to read "First parties must NOT share user specific data > with 3rd parties for those user who send the DNT signal and have not granted > a site-specific exception to the 1st party." This will leave room for > sharing with Agents/Service Providers/Vendors to the 1st party -- as well as > sharing aggregate and anonymous data with "others" (general reporting, for > example). > > I guess you mean > s/DNT signal/DNT:1 signal" > > Trying to understand what you are saying. > > 1. User sends DNT:1 to a website with domain name www.example.org > 2. www.example.org collects data about the user > (IP address and categories of pages the user visits) > 3. Company Acme Hosting Inc. (a 3rd party) has access to these > data NOT through the Web but through an access to the logs file. > > > What is happening? > > > -- > Karl Dubost - http://dev.opera.com/ > Developer Relations & Tools, Opera Software > > > > ---------- > John M. Simpson > Consumer Advocate > Consumer Watchdog > 1750 Ocean Park Blvd. ,Suite 200 > Santa Monica, CA,90405 > Tel: 310-392-7041 > Cell: 310-292-1902 > www.ConsumerWatchdog.org > john@consumerwatchdog.org > > ---------- > John M. Simpson > Consumer Advocate > Consumer Watchdog > 1750 Ocean Park Blvd. ,Suite 200 > Santa Monica, CA,90405 > Tel: 310-392-7041 > Cell: 310-292-1902 > www.ConsumerWatchdog.org > john@consumerwatchdog.org >
Received on Friday, 18 November 2011 11:05:18 UTC