Re: Issue-17, Issue-51 First party obligations

Thanks Amy, yes that was exactly what I thought I said in that email, but
was a bit more inclusive to include data passage to third party partners by
means other than a third party tag on the page.


On Tue, Nov 29, 2011 at 11:29 AM, Amy Colando (LCA)
<acolando@microsoft.com>wrote:

>  Thanks Sean.  The only element I would add to your explanation is that
> in the event the first party website has tags or other content from third
> parties on the first party page, those third parties would also receive the
> DNT signal (via redirects) and would respect that DNT signal as third
> parties.****
>
> ** **
>
> Absent some sort of user override, of course.****
>
> ** **
>
> *From:* Sean Harvey [mailto:sharvey@google.com]
> *Sent:* Tuesday, November 29, 2011 8:10 AM
> *To:* Jeffrey Chester
> *Cc:* JC Cannon; John Simpson; <public-tracking@w3.org> (
> public-tracking@w3.org)
> *Subject:* Re: Issue-17, Issue-51 First party obligations****
>
> ** **
>
> Hi Jeff, ****
>
> ** **
>
> On the point below I think you are expressing the majority opinion of the
> group, and that everyone is largely saying the same thing. If anyone
> disagrees, please speak up because this is I think the understanding the
> editors were under based on all of the previous discussions on the email
> chains and the in-person meetings. ****
>
> ** **
>
> My current understanding based on the dialogue we've had thus far is that
> first parties are not allowed to pass DNT-on user info to a third party
> data provider, or leverage third party data in the customization of the ad
> unit for a DNT-on user. ****
>
> ** **
>
> The key point is that "third party" is not limited to the "third party"
> that the browser sees, e.g. a third party domain relative to the web page's
> base URL. And in fact in some cases a "third party" may be a first party,
> i.e. a Facebook like button after it has been clicked/"liked". ****
>
> ** **
>
> Given the extensive conversation we've had on this topic to date, I do
> believe this is everyone's understanding already. Please speak up if I am
> mistaken. ****
>
> ** **
>
> With respect to Mr. Simpson's statement, I do not believe that this has
> been the understanding of the group to date. For example, if I as a
> voracious nytimes.com reader have DNT on, the consensus to date of the
> group had been prior to Mr. Simpson's email been that the New York Times
> can still know who I am, but that they cannot pass this information on to
> third party advertising/data partners, and that those who advertise on the
> New York Times are not allowed to collect my user data. I'm not suggesting
> we can't re-open this conversation, merely stating the status of the
> conversations of this committee to date. ****
>
> ** **
>
> sean****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> On Tue, Nov 29, 2011 at 9:50 AM, Jeffrey Chester <jeff@democraticmedia.org>
> wrote:****
>
> If a DNT system is to work, it must address how first party sites
> incorporate third party data and also use ad exchanges.  If a user has said
> they do not want to be tracked via a third party data service, such as
> eXelate, BlueKai or Experian (for example) then such user data should not
> be automatically imported or used by the First party site.  Sites
> increasingly mix in-house data with third party targeting data.  A user
> should have reasonable control of this process under DNT.****
>
> ** **
>
> ** **
>
> ** **
>
> Jeffrey Chester****
>
> Center for Digital Democracy****
>
> 1621 Connecticut Ave, NW, Suite 550****
>
> Washington, DC 20009****
>
> www.democraticmedia.org****
>
> ** **
>
> On Nov 28, 2011, at 7:59 PM, JC Cannon wrote:****
>
> ** **
>
>   John,****
>
>  ****
>
> I believe we are already in agreement that DNT will not apply to 1st party
> sites. I understand the need to clarify that 3rd-party sharing will be
> limited to certain exceptions, but I don’t want to revisit something we
> have already agreed on.****
>
>  ****
>
> JC****
>
> Twitter <http://twitter.com/jccannon7>****
>
>  ****
>
> *From:* John Simpson [mailto:john@consumerwatchdog.org]
> *Sent:* Monday, November 28, 2011 4:47 PM
> *To:* <public-tracking@w3.org> (public-tracking@w3.org)
> *Subject:* Issue-17, Issue-51 First party obligations****
>
>  ****
>
> Colleagues,****
>
>  ****
>
> I've been thinking a bit more about the idea of "1st Party" obligations if
> we use the frame of a 1st Party and 3rd Party distinction.  It seems clear
> to me that there is consensus that the 1st Party must not share data (some
> will say there are exceptions) with a 3rd party when DNT is enabled.****
>
>  ****
>
> It does seem to me there are further obligations.  When I go to a 1st
> party  site and interact with it, I assume it is using my information for
> that transaction.  If I****
>
> have DNT enabled, I don't have ANY expectation that it will continue to
> use that information beyond that transaction.  The site should ask me if it
> can continue to store the information and use it beyond that specific visit
> to the site.****
>
>  ****
>
> In other words from my perspective as a user, a 1st Party site should
> treat me as if I had cleared all my cookies the next time I visit the site
> if I have DNT enabled.****
>
>  ****
>
> When DNT is enabled, a 1st party should treat each session with a user as
> an entirely new session unless it has been given permission to store his
> information and use it again.****
>
>  ****
>
> 73s,****
>
> John****
>
> ----------****
>
> John M. Simpson****
>
> Consumer Advocate****
>
> Consumer Watchdog****
>
> 1750 Ocean Park Blvd. ,Suite 200****
>
> Santa Monica, CA,90405****
>
> Tel: 310-392-7041****
>
> Cell: 310-292-1902****
>
> www.ConsumerWatchdog.org****
>
> john@consumerwatchdog.org****
>
>  ****
>
>   ** **
>
>
>
> ****
>
> ** **
>
> --
> Sean Harvey
> Business Product Manager
> Google, Inc.
> 212-381-5330
> sharvey@google.com****
>



-- 
Sean Harvey
Business Product Manager
Google, Inc.
212-381-5330
sharvey@google.com