Re: Issue-17, Issue-51 First party obligations from Sean Harvey on 2011-11-29 (public-tracking@w3.org from November 2011)

From: Sean Harvey <sharvey@google.com>
Date: Tue, 29 Nov 2011 11:09:34 -0500
To: Jeffrey Chester <jeff@democraticmedia.org>
Cc: JC Cannon <jccannon@microsoft.com>, John Simpson <john@consumerwatchdog.org>, "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <CAFy-vucsNx-vx6F32b_6b_Eihon-Cd5kZdqm_TbA03Bp6u+=pw@mail.gmail.com>

Hi Jeff,

On the point below I think you are expressing the majority opinion of the
group, and that everyone is largely saying the same thing. If anyone
disagrees, please speak up because this is I think the understanding the
editors were under based on all of the previous discussions on the email
chains and the in-person meetings.

My current understanding based on the dialogue we've had thus far is that
first parties are not allowed to pass DNT-on user info to a third party
data provider, or leverage third party data in the customization of the ad
unit for a DNT-on user.

The key point is that "third party" is not limited to the "third party"
that the browser sees, e.g. a third party domain relative to the web page's
base URL. And in fact in some cases a "third party" may be a first party,
i.e. a Facebook like button after it has been clicked/"liked".

Given the extensive conversation we've had on this topic to date, I do
believe this is everyone's understanding already. Please speak up if I am
mistaken.

With respect to Mr. Simpson's statement, I do not believe that this has
been the understanding of the group to date. For example, if I as a
voracious nytimes.com reader have DNT on, the consensus to date of the
group had been prior to Mr. Simpson's email been that the New York Times
can still know who I am, but that they cannot pass this information on to
third party advertising/data partners, and that those who advertise on the
New York Times are not allowed to collect my user data. I'm not suggesting
we can't re-open this conversation, merely stating the status of the
conversations of this committee to date.

sean

On Tue, Nov 29, 2011 at 9:50 AM, Jeffrey Chester
<jeff@democraticmedia.org>wrote:

> If a DNT system is to work, it must address how first party sites
> incorporate third party data and also use ad exchanges.  If a user has said
> they do not want to be tracked via a third party data service, such as
> eXelate, BlueKai or Experian (for example) then such user data should not
> be automatically imported or used by the First party site.  Sites
> increasingly mix in-house data with third party targeting data.  A user
> should have reasonable control of this process under DNT.
>
>
>
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org
>
> On Nov 28, 2011, at 7:59 PM, JC Cannon wrote:
>
> John,****
> ** **
> I believe we are already in agreement that DNT will not apply to 1st party
> sites. I understand the need to clarify that 3rd-party sharing will be
> limited to certain exceptions, but I don’t want to revisit something we
> have already agreed on.****
> ** **
> JC****
> Twitter <http://twitter.com/jccannon7>****
> ** **
> *From:* John Simpson [mailto:john@consumerwatchdog.org]
> *Sent:* Monday, November 28, 2011 4:47 PM
> *To:* <public-tracking@w3.org> (public-tracking@w3.org)
> *Subject:* Issue-17, Issue-51 First party obligations****
> ** **
> Colleagues,****
> ** **
> I've been thinking a bit more about the idea of "1st Party" obligations if
> we use the frame of a 1st Party and 3rd Party distinction.  It seems clear
> to me that there is consensus that the 1st Party must not share data (some
> will say there are exceptions) with a 3rd party when DNT is enabled.****
> ** **
> It does seem to me there are further obligations.  When I go to a 1st
> party  site and interact with it, I assume it is using my information for
> that transaction.  If I****
> have DNT enabled, I don't have ANY expectation that it will continue to
> use that information beyond that transaction.  The site should ask me if it
> can continue to store the information and use it beyond that specific visit
> to the site.****
> ** **
> In other words from my perspective as a user, a 1st Party site should
> treat me as if I had cleared all my cookies the next time I visit the site
> if I have DNT enabled.****
> ** **
> When DNT is enabled, a 1st party should treat each session with a user as
> an entirely new session unless it has been given permission to store his
> information and use it again.****
> ** **
> 73s,****
> John****
> ----------****
> John M. Simpson****
> Consumer Advocate****
> Consumer Watchdog****
> 1750 Ocean Park Blvd. ,Suite 200****
> Santa Monica, CA,90405****
> Tel: 310-392-7041****
> Cell: 310-292-1902****
> www.ConsumerWatchdog.org****
> john@consumerwatchdog.org****
> ** **
>
>
>

-- 
Sean Harvey
Business Product Manager
Google, Inc.
212-381-5330
sharvey@google.com

Received on Tuesday, 29 November 2011 16:10:06 UTC