W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: Issue-17, Issue-51 First party obligations

From: Rob van Eijk <rob@blaeu.com>
Date: Tue, 29 Nov 2011 21:22:17 +0100
Message-ID: <4ED53EF9.7060709@blaeu.com>
To: public-tracking@w3.org
Thanks Sean.

That is interesting, because you address two things : 1. the collection 
of the data and 2. the use of the data.

Taking Roy's working definition into account we get a third element: the 
sharing of data across non-same-branded sites
> Quote Roy: "Because DNT does not mean "do not track". It means do not 
> track me across non-same-branded sites. If you have a user expectation 
> that differs from that, then we need to fix that expectation (not DNT)." 

I feel we are close to a working definition for tracking.


On 29-11-2011 19:02, Sean Harvey wrote:
> I defer to the group on this, but my own thinking was originally as 
> follows:
> If I visited a shopping site for a pair of shoes, decided against the 
> purchase in favor of something else and then became annoyed with 
> retargeted ads offering that same pair of shoes to me on other 
> locations across the web, my setting of DNT (in my mind at least) 
> should not allow the retargeting network to continue hitting me with 
> more retargeted ads for that same pair of shoes because it was 
> previously "collected with consent".
> again, this is just my opinion. also, if i'm on anyone's holiday 
> shopping list this year, my shoe size is 11...
> On Tue, Nov 29, 2011 at 12:48 PM, David Wainberg 
> <dwainberg@appnexus.com <mailto:dwainberg@appnexus.com>> wrote:
>     Assuming the data was collected with consent for that purpose, why
>     not?
>     On 11/29/11 12:39 PM, Sean Harvey wrote:
>>     to my mind the first party should not be using any third party
>>     data for targeting in a DNT-on context, and I thought that was
>>     stated elsewhere in the email chain, though I can go back and check.
>>     On Tue, Nov 29, 2011 at 12:26 PM, David Wainberg
>>     <dwainberg@appnexus.com <mailto:dwainberg@appnexus.com>> wrote:
>>         This raises an interesting issue with how this is going to
>>         work. If the user engaged DNT after the data was collected,
>>         we probably have consensus that prior collected data should
>>         not be used. However, if the user had DNT at the time the
>>         data was collected, but granted an exception to DNT, the data
>>         is ok to be used. The problem is, how does the 1st party know
>>         the difference? It will fall on the 3rd party to honor the
>>         user's choices, and the 1st party will have to trust them.
>>         On 11/29/11 9:50 AM, Jeffrey Chester wrote:
>>>         If a DNT system is to work, it must address how first party
>>>         sites incorporate third party data and also use ad
>>>         exchanges.  If a user has said they do not want to be
>>>         tracked via a third party data service, such as eXelate,
>>>         BlueKai or Experian (for example) then such user data should
>>>         not be automatically imported or used by the First party
>>>         site.  Sites increasingly mix in-house data with third party
>>>         targeting data.  A user should have reasonable control of
>>>         this process under DNT.
>>>         Jeffrey Chester
>>>         Center for Digital Democracy
>>>         1621 Connecticut Ave, NW, Suite 550
>>>         Washington, DC 20009
>>>         www.democraticmedia.org <http://www.democraticmedia.org>
>>>         On Nov 28, 2011, at 7:59 PM, JC Cannon wrote:
>>>>         John,
>>>>         I believe we are already in agreement that DNT will not
>>>>         apply to 1^st party sites. I understand the need to clarify
>>>>         that 3^rd -party sharing will be limited to certain
>>>>         exceptions, but I donít want to revisit something we have
>>>>         already agreed on.
>>>>         JC
>>>>         Twitter <http://twitter.com/jccannon7>
>>>>         *From:*John Simpson [mailto:john@consumerwatchdog.org]
>>>>         *Sent:*Monday, November 28, 2011 4:47 PM
>>>>         *To:*<public-tracking@w3.org
>>>>         <mailto:public-tracking@w3.org>> (public-tracking@w3.org
>>>>         <mailto:public-tracking@w3.org>)
>>>>         *Subject:*Issue-17, Issue-51 First party obligations
>>>>         Colleagues,
>>>>         I've been thinking a bit more about the idea of "1st Party"
>>>>         obligations if we use the frame of a 1st Party and 3rd
>>>>         Party distinction.  It seems clear to me that there is
>>>>         consensus that the 1st Party must not share data (some will
>>>>         say there are exceptions) with a 3rd party when DNT is enabled.
>>>>         It does seem to me there are further obligations.  When I
>>>>         go to a 1st party  site and interact with it, I assume it
>>>>         is using my information for that transaction.  If I
>>>>         have DNT enabled, I don't have ANY expectation that it will
>>>>         continue to use that information beyond that transaction.
>>>>          The site should ask me if it can continue to store the
>>>>         information and use it beyond that specific visit to the site.
>>>>         In other words from my perspective as a user, a 1st Party
>>>>         site should treat me as if I had cleared all my cookies the
>>>>         next time I visit the site if I have DNT enabled.
>>>>         When DNT is enabled, a 1st party should treat each session
>>>>         with a user as an entirely new session unless it has been
>>>>         given permission to store his information and use it again.
>>>>         73s,
>>>>         John
>>>>         ----------
>>>>         John M. Simpson
>>>>         Consumer Advocate
>>>>         Consumer Watchdog
>>>>         1750 Ocean Park Blvd. ,Suite 200
>>>>         Santa Monica, CA,90405
>>>>         Tel: 310-392-7041 <tel:310-392-7041>
>>>>         Cell: 310-292-1902 <tel:310-292-1902>
>>>>         www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
>>>>         john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>>     -- 
>>     Sean Harvey
>>     Business Product Manager
>>     Google, Inc.
>>     212-381-5330 <tel:212-381-5330>
>>     sharvey@google.com <mailto:sharvey@google.com>
> -- 
> Sean Harvey
> Business Product Manager
> Google, Inc.
> 212-381-5330
> sharvey@google.com <mailto:sharvey@google.com>
Received on Tuesday, 29 November 2011 20:23:56 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC