W3C home > Mailing lists > Public > public-tracking@w3.org > August 2012

Re: Input to ISSUE-137 (service provider flag)

From: David Singer <singer@apple.com>
Date: Mon, 27 Aug 2012 12:33:43 -0700
Message-id: <EB834BB0-A04E-4AFF-A056-58F5DB775073@apple.com>
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>

On Aug 27, 2012, at 11:50 , Roy T. Fielding <fielding@gbiv.com> wrote:

> As mentioned previously, I object to requiring that service providers
> acting as a first party be required to behave differently than a first
> party would, unless there is a compelling (and agreed) privacy need
> that is being protected.

Previously, we didn't have behavioral rules; as I recall, we had "obey all the rules for a 1st party" plus "silo the data to only the first party (and not even yourself)".  The privacy need is to ensure that data that is collected under (the almost empty) first party rules is, in fact, being used by a first party.

Also, perhaps there is value in *allowing but not requiring*?  Indeed, the qualifiers are intended to match the permissions in the compliance document, and since I rather expect the 'service provider/agent of 1st party' permission to survive, we'd then have a way that allowed a party to indicate they claim this permission.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Monday, 27 August 2012 19:34:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:54 UTC