Re: Tracking names and emails across sites from Jonathan Mayer on 2012-12-18 (public-tracking@w3.org from December 2012)

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Mon, 17 Dec 2012 18:29:00 -0800
To: Brendan Riordan-Butterworth <Brendan@iab.net>
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <37A61F1BE7824176BFB5FCC7FBCA399F@gmail.com>

Brendan,  

Could you please provide a bit more detail on Point 2 below?  In particular, what control would this company have to provide to comply with the DAA principles?  In my reading of the DAA's documents: none.

Thanks,
Jonathan


On Monday, December 17, 2012 at 10:23 AM, Brendan Riordan-Butterworth wrote:

> Point 1: Humor and realism
> Facial recognition is such an inefficient method of consumer identification.  It’d be a much simpler implementation to enhance customer loyalty cards with range-readable RFID tags – that way you’ve also got opt-in, and the possibility of spinning up a consumer-choice portal.   
>   
> Point 2: Existing Self-Reg
> The current self-regulatory guidelines offered via the DAA require that Third Parties and Service Providers (like what this “website intelligence” network seems to be) provide “clear, meaningful, and prominent notice” of what’s being collected, how it’s being used, and an opt-out mechanism.  You can review starting on page 12 of this document:
>   
> http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf
>   
> If they’re not providing this information and control, they’re not in line with the DAA principles.   
>   
> Point 3: DNT World
> I don’t think that the business practice of requiring the exchange of PII for services or discounts would be eliminated under a DNT regime.  Specifically, a site that currently blocks access or participation on filling in a form that includes being given permission to share the consumer’s email address with other parties would need to update their form to request the appropriate exceptions via the DNT protocol.  If the DNT exception protocol isn’t sufficiently robust to allow the consumer to give minimal tracking permission, it’s likely that these sites will simply require the global disabling of the DNT state.   
>   
> /brendan.
>   
>   
> From: Jonathan Mayer [mailto:jmayer@stanford.edu]  
> Sent: Wednesday, December 12, 2012 11:52 PM
> To: public-tracking@w3.org (mailto:public-tracking@w3.org)
> Subject: Fw: Tracking names and emails across sites  
>   
> Spotted this on the public-tracking list.  The practice may be a helpful future use case to keep in mind as we refine the compliance document.  It certainly would not be permissible for Do Not Track users under a linkability-oriented approach.  If I understand correctly, current self-regulatory guidelines would allow it.  
>  
>   
>  
> Jonathan
>  
>   
>  
> Forwarded message:
> > From: Karl Dubost <karld@opera.com (mailto:karld@opera.com)>
> > To: public-privacy@w3.org (mailto:public-privacy@w3.org) mailing list) <public-privacy@w3.org (mailto:public-privacy@w3.org)>
> > Date: Wednesday, December 12, 2012 8:24:17 PM
> > Subject: Tracking names and emails across sites  
> >   
> > FYI,
> >  
> >   
> >  
> > Tracking personal identifiable information across sites.
> >  
> >   
> >  
> > On Thu, 13 Dec 2012 04:23:08 GMT
> >  
> > In You’re not anonymous. I know your name, email, and company.
> >  
> > At http://42floors.com/blog/youre-not-anonymous-i-know-your-name-email-and-company/
> >  
> >   
> >  
> > I’ve learned that there is a “website  
> >  
> > intelligence” network that tracks form submissions  
> >  
> > across their customer network. So, if a visitors  
> >  
> > fills out a form on Site A with their name and  
> >  
> > email, Site B knows their name and email too as  
> >  
> > soon as they land on the site.
> >  
> >   
> >  
> > --  
> >  
> > Karl Dubost - http://dev.opera.com/
> >  
> > Developer Relations, Opera Software
> >  
> >  
> >  
> >  
>  
>   
>  
>  
>  
>

Received on Tuesday, 18 December 2012 02:29:31 UTC