Re: Summary of First Party vs. Third Party Tests

FWIW

In 2009, we looked into this issue somewhat in 2009 and found that many
large web companies can have as many as 2000 'affiliates' based on the GLB
definition <http://www.sec.gov/rules/final/34-42974.htm#P84_20157> (average
was 297).  Summary here <http://knowprivacy.org/affiliates.html> and full
report <http://knowprivacy.org/full_report.html>. Additionally, the privacy
policies of most of these sites stated that they shared data with
affiliates<http://knowprivacy.org/images/policies_large.jpg> but
they did not share data with 3rd parties.

I think one issue here is that most consumers would not immediately
comprehend this technical distinction and would potentially consider a
company like Fox separate from say the social network, Myspace.

Perhaps something to consider as we work through these definitions.
-a



On Sun, Oct 30, 2011 at 6:37 AM, Mike Zaneis <mike@iab.net> wrote:

> Jonathan, this is a very helpful discussion, providing the scenarios and
> possible real examples. My only comment is that I believe your second
> possible definition - legal business relationships - is overly broad. The
> corporate ownership factor is correct, but I don't think most/anyone would
> argue that a contract with a non-related company would make that company a
> first party (it could make them an agent of the first party if the data is
> only used for the benefit of the first party, but that is a different
> discussion). Most U.S. laws treat legal "affiliates", companies with some
> common ownership, as first parties (i.e. ESPN and ABC are treated as first
> party to the parent company Disney). I think that is the more useful straw
> man to use for this discussion.
>
> Mike Zaneis
> SVP & General Counsel, IAB
> (202) 253-1466
>
> On Oct 29, 2011, at 1:11 AM, "Jonathan Mayer" <jmayer@stanford.edu> wrote:
>
> > (ACTION-25)
> >
> > As I understand it, there are four camps on how to distinguish between
> first parties and third parties.
> >
> > 1) Domain names (e.g. public suffix + 1).
> >
> > 2) Legal business relationships (e.g. corporate ownership + affiliates).
> >
> > 3) Branding.
> >
> > 4) User expectations.
> >
> > Here are some examples that show the boundaries of these definitions.
> >
> > Example: The user visits Example Website at example.com.  Example
> Website embeds content from examplestatic.com, a domain controlled by
> Example Website and used to host static content.
> >
> > Discussion: Content from the examplestatic.com domain is first-party
> under every test save the first.
> >
> > Example: Example Website (example.com) strikes a deal with Example
> Affiliate (affiliate.com), an otherwise unrelated company, to share user
> data.  The user visits Example Website, and it embeds content from Example
> Affiliate.
> >
> > Discussion: Content from Example Affiliate is third-party under every
> test save the second.
> >
> > Example: Example Website embeds a widget from Example Social Aggregator.
>  The widget includes a prominent logo for Example Social Aggregator, though
> a user is unlikely to recognize it.
> >
> > Discussion: Content from Example Social Aggregator is third-party under
> every test save the third.
> >
> >
>
>

Received on Sunday, 30 October 2011 17:51:39 UTC