W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: Issue-17, Issue-51 First party obligations

From: David Wainberg <dwainberg@appnexus.com>
Date: Tue, 29 Nov 2011 15:29:32 -0500
Message-ID: <4ED540AC.7020600@appnexus.com>
To: Jonathan Mayer <jmayer@stanford.edu>
CC: Sean Harvey <sharvey@google.com>, Jeffrey Chester <jeff@democraticmedia.org>, JC Cannon <jccannon@microsoft.com>, John Simpson <john@consumerwatchdog.org>, "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
I think I agree. But can you be more specific about privacy-preserving 
technologies? Do you mean, for example, purely client-side storage of 
the retargeting data?

On 11/29/11 3:20 PM, Jonathan Mayer wrote:
> I would add the important caveat that, in my view, a third party 
> should be able to use privacy-preserving interest-based targeting and 
> retargeting technologies with Do Not Track users.  Do Not Track would 
> prohibit using current retargeting systems (and other pseudonymous 
> identifier-based systems) because of their privacy properties, not 
> because they personalize ads.
> On Nov 29, 2011, at 10:02 AM, Sean Harvey wrote:
>> I defer to the group on this, but my own thinking was originally as 
>> follows:
>> If I visited a shopping site for a pair of shoes, decided against the 
>> purchase in favor of something else and then became annoyed with 
>> retargeted ads offering that same pair of shoes to me on other 
>> locations across the web, my setting of DNT (in my mind at least) 
>> should not allow the retargeting network to continue hitting me with 
>> more retargeted ads for that same pair of shoes because it was 
>> previously "collected with consent".
>> again, this is just my opinion. also, if i'm on anyone's holiday 
>> shopping list this year, my shoe size is 11...
>> On Tue, Nov 29, 2011 at 12:48 PM, David Wainberg 
>> <dwainberg@appnexus.com <mailto:dwainberg@appnexus.com>> wrote:
>>     Assuming the data was collected with consent for that purpose,
>>     why not?
>>     On 11/29/11 12:39 PM, Sean Harvey wrote:
>>>     to my mind the first party should not be using any third party
>>>     data for targeting in a DNT-on context, and I thought that was
>>>     stated elsewhere in the email chain, though I can go back and
>>>     check.
>>>     On Tue, Nov 29, 2011 at 12:26 PM, David Wainberg
>>>     <dwainberg@appnexus.com <mailto:dwainberg@appnexus.com>> wrote:
>>>         This raises an interesting issue with how this is going to
>>>         work. If the user engaged DNT after the data was collected,
>>>         we probably have consensus that prior collected data should
>>>         not be used. However, if the user had DNT at the time the
>>>         data was collected, but granted an exception to DNT, the
>>>         data is ok to be used. The problem is, how does the 1st
>>>         party know the difference? It will fall on the 3rd party to
>>>         honor the user's choices, and the 1st party will have to
>>>         trust them.
>>>         On 11/29/11 9:50 AM, Jeffrey Chester wrote:
>>>>         If a DNT system is to work, it must address how first party
>>>>         sites incorporate third party data and also use ad
>>>>         exchanges.  If a user has said they do not want to be
>>>>         tracked via a third party data service, such as eXelate,
>>>>         BlueKai or Experian (for example) then such user data
>>>>         should not be automatically imported or used by the First
>>>>         party site.  Sites increasingly mix in-house data with
>>>>         third party targeting data.  A user should have reasonable
>>>>         control of this process under DNT.
>>>>         Jeffrey Chester
>>>>         Center for Digital Democracy
>>>>         1621 Connecticut Ave, NW, Suite 550
>>>>         Washington, DC 20009
>>>>         www.democraticmedia.org <http://www.democraticmedia.org/>
>>>>         On Nov 28, 2011, at 7:59 PM, JC Cannon wrote:
>>>>>         John,
>>>>>         I believe we are already in agreement that DNT will not
>>>>>         apply to 1^st party sites. I understand the need to
>>>>>         clarify that 3^rd -party sharing will be limited to
>>>>>         certain exceptions, but I donít want to revisit something
>>>>>         we have already agreed on.
>>>>>         JC
>>>>>         Twitter <http://twitter.com/jccannon7>
>>>>>         *From:*John Simpson [mailto:john@consumerwatchdog.org]
>>>>>         *Sent:*Monday, November 28, 2011 4:47 PM
>>>>>         *To:*<public-tracking@w3.org
>>>>>         <mailto:public-tracking@w3.org>> (public-tracking@w3.org
>>>>>         <mailto:public-tracking@w3.org>)
>>>>>         *Subject:*Issue-17, Issue-51 First party obligations
>>>>>         Colleagues,
>>>>>         I've been thinking a bit more about the idea of "1st
>>>>>         Party" obligations if we use the frame of a 1st Party and
>>>>>         3rd Party distinction.  It seems clear to me that there is
>>>>>         consensus that the 1st Party must not share data (some
>>>>>         will say there are exceptions) with a 3rd party when DNT
>>>>>         is enabled.
>>>>>         It does seem to me there are further obligations.  When I
>>>>>         go to a 1st party  site and interact with it, I assume it
>>>>>         is using my information for that transaction.  If I
>>>>>         have DNT enabled, I don't have ANY expectation that it
>>>>>         will continue to use that information beyond that
>>>>>         transaction.  The site should ask me if it can continue to
>>>>>         store the information and use it beyond that specific
>>>>>         visit to the site.
>>>>>         In other words from my perspective as a user, a 1st Party
>>>>>         site should treat me as if I had cleared all my cookies
>>>>>         the next time I visit the site if I have DNT enabled.
>>>>>         When DNT is enabled, a 1st party should treat each session
>>>>>         with a user as an entirely new session unless it has been
>>>>>         given permission to store his information and use it again.
>>>>>         73s,
>>>>>         John
>>>>>         ----------
>>>>>         John M. Simpson
>>>>>         Consumer Advocate
>>>>>         Consumer Watchdog
>>>>>         1750 Ocean Park Blvd. ,Suite 200
>>>>>         Santa Monica, CA,90405
>>>>>         Tel: 310-392-7041 <tel:310-392-7041>
>>>>>         Cell: 310-292-1902 <tel:310-292-1902>
>>>>>         www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/>
>>>>>         john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>>>     -- 
>>>     Sean Harvey
>>>     Business Product Manager
>>>     Google, Inc.
>>>     212-381-5330 <tel:212-381-5330>
>>>     sharvey@google.com <mailto:sharvey@google.com>
>> -- 
>> Sean Harvey
>> Business Product Manager
>> Google, Inc.
>> 212-381-5330
>> sharvey@google.com <mailto:sharvey@google.com>
Received on Tuesday, 29 November 2011 20:30:01 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC