RE: ISSUE-5: What is the definition of tracking? from Shane Wiley on 2011-10-27 (public-tracking@w3.org from October 2011)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Thu, 27 Oct 2011 08:45:17 -0700
To: Sean Harvey <sharvey@google.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D034FF153@SP2-EX07VS02.ds.corp.yahoo.com>

Sean,

Could you please explain how "Organizational Boundaries" is defined?  For discussion sake we've used the following examples in the past:  Yahoo!/Flickr and Disney/ESPN.  Would "Flickr.com", a Yahoo! company with Yahoo! branding under common privacy policy and TOS control, be considered within the "organizational boundaries" of Yahoo!?  Would ESPN.com, a Disney company under separate branding but with common privacy policy and TOS control, be considered within the "organizational boundaries" of Disney?

Thank you,
Shane

From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Sean Harvey
Sent: Thursday, October 27, 2011 8:01 AM
To: public-tracking@w3.org Group WG
Subject: Re: ISSUE-5: What is the definition of tracking?

I agree that organizational boundaries matter. I also think they would be easier to define & enforce than "commonly branded" sites from our strawman doc, which came into focus for me following Justin's question to us all during yesterday's weekly call.

My concern around "commonly branded" is that it is slipperier concept and more open to interpretation. I heard some potentially vague expressions of what commonly branded means yesterday: "it's common knowledge that company a owns site b" etc. How do we enshrine that in a compliance standard? how does brand A understand whether its common ownership relationship with brand B is common knowledge? And if we take the more austere interpretation it lends to some very weird outcomes (different branded TV show sites from a given network are not considered first party, etc).

And what happens when we come up with our interpretation of "commonly branded" and five years later a new set of regulators in the united states or an EU country come up with a different one? The concern is there may be no way for anyone to understand what they are really signing up for given the "commonly branded" terminology. Using an organizational boundary makes things more transparent and puts things in black & white.

Received on Thursday, 27 October 2011 15:46:24 UTC