- From: John Simpson <john@consumerwatchdog.org>
- Date: Wed, 26 Oct 2011 19:35:49 -0700
- To: public-tracking@w3.org
- Message-Id: <711F6E17-2B5E-4ABA-904A-C52936412D84@consumerwatchdog.org>
I believe this relates to ISSUE 5. Both the TPE specification and the TPS documents appear to assume that we only are concerned about cross-site and third-party tracking. First-party sites also track. While first-party tracking may be better understood by and be more acceptable to users than third-party, necessitating fewer obligations when a DNT message is received, nonetheless there are obligations. For instance, a first-party site must not send user information to a Third Party site when a user visits with DNT enabled. Shouldn't the straw-men documents explicitly make clear that First-Party sites do track and do have some obligations when the DNT message is received? Shouldn't the introduction of the TPE imply read: "Therefore, we need a mechanism for the user to express their own preference regarding [delete cross-site] tracking that is both simple to configure and efficient when implemented. "? Shouldn't Section 4. of the TPE simply read: 4. Expressing a Tracking Preference - "When a user has configured a tracking preference, that preference needs to be expressed to all mechanisms that might perform or initiate tracking [delete third parties], including sites that the user agent communicates with via HTTP, scripts that can extend behavior on pages, and plug-ins or extensions that might be installed and activated for various media types."? I am confused by the TPS when it asserts in Section 4.1: 4.1 First-Party Compliance: "This standard imposes no requirements on the operators of first-party websites. "If the operator of a first party domain receives a request to which a "Do Not Track" header is attached, that operator must not transmit behavioral data in identifiable form about that user to a third party with the intention or knowledge that the third party shall store and use the data in a way that links that data to other information about a specific person or device, UNLESS that operator has received the affirmative, informed consent to be tracked and such consent has not been subsequently rescinded." After stating that there is no obligation on first-party sites, doesn't it immediate impose one and a necessary one at that? Recapping: First Party sites track. The straw-men documents should reflect that so as we define tracking under ISSUE-5 we can then spell out the differing obligations for first and third party sites. ---------------- John M. Simpson Consumer Advocate Consumer Watchdog Tel: 310-392-7041
Received on Thursday, 27 October 2011 02:36:19 UTC