W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

RE: first parties

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Thu, 6 Oct 2011 14:34:44 -0700
To: "Amy Colando (LCA)" <acolando@microsoft.com>, "Aleecia M. McDonald" <aleecia@aleecia.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D01C952B1@SP2-EX07VS02.ds.corp.yahoo.com>
Amy and Aleecia,

I believe these are the same but would be amended to add Tom's suggestion.

Initial Statement:
"This standard imposes no requirements on first-party websites.  A first-party website MAY take steps to protect user privacy in responding to a Do Not Track request."

With Tom's Addition:
"This standard imposes no requirements on first-party websites.  A first-party website MAY take steps to protect user privacy in responding to a Do Not Track request and SHOULD improve notice with respect to DNT."

I agree with the Initial Statement but feel that Tom's request was out of scope to suggest first parties must improve notice across the board (not just with respect to DNT).

I would suggest the following (hopefully a winning middle-ground):
"This standard imposes no requirements on first-party websites.  A first-party website MAY take steps to protect user privacy in responding to a Do Not Track request and SHOULD provide appropriate notice in what manner they support Do Not Track if they chose to do so."

- Shane

Shane Wiley
VP, Privacy & Data Governance
Yahoo!

-----Original Message-----
From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Amy Colando (LCA)
Sent: Thursday, October 06, 2011 1:05 PM
To: Aleecia M. McDonald; public-tracking@w3.org
Subject: RE: first parties

Sorry, not sure if I am mixing up threads.  Is this the same or different than the following, on which I thought we were (approaching) consensus on a separate thread:

>> First-Party Requirements:
>> This standard imposes no requirements on first-party websites.  A first-party website MAY take steps to protect user privacy in responding to a Do Not Track request.

-----Original Message-----
From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Aleecia M. McDonald
Sent: Thursday, October 06, 2011 12:45 PM
To: public-tracking@w3.org
Subject: first parties

After our discussion yesterday on ISSUE-17 (Data use by 1st party,) here is what I think I heard of the two proposals on the table:
	- Jonathan is fine with the idea of a list of things first parties SHOULD (not must) do in response to receiving a DNT header, along the lines of what Tom proposed.
	- The remaining difference is that Tom wants to see improved notice as something companies MUST do to comply with DNT. 

Outside of scope for just this moment: (1) when things become more complex than an obvious first party (e.g. third party in a first party context, common branding, widgets, iFrame issues...) do we treat them or define them as first parties, or not? (ISSUE-49, ISSUE-60, ISSUE-62, ISSUE-65, ISSUE-73, ISSUE-77) (2) is there an obligation for first parties to send a response header? (ISSUE-51)

Note that a straw man draft is not the final word on the issues ahead of us, but ideally does represent a rough consensus view of where we are today. If we fail to reach any consensus, than the editors will take their best shot at creating something for the group to react to. We can, and should, note points where we lack consensus within the straw man document itself. 

PROPOSAL: include Tom's text in a straw man draft, but changing improved notice as something first parties SHOULD do. 

What say you all?

	Aleecia
Received on Thursday, 6 October 2011 21:35:26 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:41 UTC