W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Issue 5 and First and Third parties

From: John Simpson <john@consumerwatchdog.org>
Date: Wed, 26 Oct 2011 19:35:49 -0700
Message-Id: <711F6E17-2B5E-4ABA-904A-C52936412D84@consumerwatchdog.org>
To: public-tracking@w3.org
I believe this relates to ISSUE 5.

Both the TPE specification  and the TPS documents appear to assume that we only are concerned about cross-site and third-party tracking.  First-party sites also track. While first-party tracking may be better understood by and be more acceptable to users than third-party, necessitating fewer obligations when a DNT message is received, nonetheless there are obligations.  For instance, a first-party site must not send user information to a Third Party site when a user visits with DNT enabled.

Shouldn't the straw-men documents explicitly make clear that First-Party sites do track and do have some obligations when the DNT message is received?

Shouldn't the introduction of the TPE imply read:
"Therefore, we need a mechanism for the user to express their own preference regarding [delete cross-site] tracking that is both simple to configure and efficient when implemented. "?

Shouldn't Section 4. of the TPE simply read:
4. Expressing a Tracking Preference - "When a user has configured a tracking preference, that preference needs to be expressed to all mechanisms that might perform or initiate tracking [delete third parties], including sites that the user agent communicates with via HTTP, scripts that can extend behavior on pages, and plug-ins or extensions that might be installed and activated for various media types."?

I am confused by the TPS when it asserts in Section 4.1:

4.1 First-Party Compliance:

"This standard imposes no requirements on the operators of first-party websites.
"If the operator of a first party domain receives a request to which a "Do Not Track" header is attached, that operator must not transmit behavioral data in identifiable form about that user to a third party with the intention or knowledge that the third party shall store and use the data in a way that links that data to other information about a specific person or device, UNLESS that operator has received the affirmative, informed consent to be tracked and such consent has not been subsequently rescinded."

After stating that there is no obligation on first-party sites, doesn't it immediate impose one and a necessary one at that?

Recapping: First Party sites track.  The straw-men documents should reflect that so as we define tracking under ISSUE-5 we can then spell out the differing obligations for first and third party sites.


----------------
John M. Simpson
Consumer Advocate
Consumer Watchdog
Tel: 310-392-7041
 
Received on Thursday, 27 October 2011 02:36:19 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:41 UTC