RE: Tracking names and emails across sites from Rob van Eijk on 2012-12-18 (public-tracking@w3.org from December 2012)

From: Rob van Eijk <rob@blaeu.com>
Date: Tue, 18 Dec 2012 17:18:42 +0100
To: <public-tracking@w3.org>
Message-ID: <7181d9f8932633ef346bd59f70b9a01a@xs4all.nl>
> Consent-based value exchange of PII for access exists now, and will 
> exist in a DNT world.
Brendan,

I would like to learn if and how a user's consent can be withdrawn 
easily in the case of value exchange of PII.

Second clarifying question: does such a withdraw of consent also work 
in the case of 'out of band consent' in a DNT world?

Thanks,

Rob

Brendan Riordan-Butterworth schreef op 2012-12-18 16:53:
> Jonathan,
> 
>  If you’re interested in registering Stanford to start using the
> About Ads icon to identify their adherence to the DAA principles, I
> suggest you engage with the DAA directly, outside of this group.
> 
>  The most important takeaways from my mail yesterday are that:
> 
> - Consent-based value exchange of PII for access exists now, and will
> exist in a DNT world.
> 
> - If the DNT world does not offer sufficiently robust exceptions
> management, the pressure on the consumer will be to disable DNT for
> access.
> 
> /brendan.
> 
> FROM: Jonathan Mayer [mailto:jmayer@stanford.edu]
>  SENT: Monday, December 17, 2012 9:29 PM
>  TO: Brendan Riordan-Butterworth
>  CC: public-tracking@w3.org
>  SUBJECT: Re: Tracking names and emails across sites
> 
> Brendan,
> 
> Could you please provide a bit more detail on Point 2 below? In
> particular, what control would this company have to provide to comply
> with the DAA principles? In my reading of the DAA's documents: none.
> 
> Thanks,
> 
> Jonathan
> 
> On Monday, December 17, 2012 at 10:23 AM, Brendan Riordan-Butterworth 
> wrote:
> 
>> Point 1: Humor and realism
>> 
>> Facial recognition is such an inefficient method of consumer 
>> identification. It’d be a much simpler implementation to enhance 
>> customer loyalty cards with range-readable RFID tags – that way you’ve 
>> also got opt-in, and the possibility of spinning up a consumer-choice 
>> portal.
>> 
>> Point 2: Existing Self-Reg
>> 
>> The current self-regulatory guidelines offered via the DAA require 
>> that Third Parties and Service Providers (like what this “website 
>> intelligence” network seems to be) provide “clear, meaningful, and 
>> prominent notice” of what’s being collected, how it’s being used, and 
>> an opt-out mechanism. You can review starting on page 12 of this 
>> document:
>> 
>> http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf 
>> [3]
>> 
>> If they’re not providing this information and control, they’re not in 
>> line with the DAA principles.
>> 
>> Point 3: DNT World
>> 
>> I don’t think that the business practice of requiring the exchange of 
>> PII for services or discounts would be eliminated under a DNT regime. 
>> Specifically, a site that currently blocks access or participation on 
>> filling in a form that includes being given permission to share the 
>> consumer’s email address with other parties would need to update their 
>> form to request the appropriate exceptions via the DNT protocol. If 
>> the DNT exception protocol isn’t sufficiently robust to allow the 
>> consumer to give minimal tracking permission, it’s likely that these 
>> sites will simply require the global disabling of the DNT state.
>> 
>> /brendan.
>> 
>> FROM: Jonathan Mayer [mailto:jmayer@stanford.edu]
>> SENT: Wednesday, December 12, 2012 11:52 PM
>> TO: public-tracking@w3.org
>> SUBJECT: Fw: Tracking names and emails across sites
>> 
>> Spotted this on the public-tracking list. The practice may be a 
>> helpful future use case to keep in mind as we refine the compliance 
>> document. It certainly would not be permissible for Do Not Track users 
>> under a linkability-oriented approach. If I understand correctly, 
>> current self-regulatory guidelines would allow it.
>> 
>> Jonathan
>> 
>> Forwarded message:
>> 
>>> FROM: Karl Dubost <karld@opera.com>
>>> TO: public-privacy@w3.org mailing list) <public-privacy@w3.org>
>>> DATE: Wednesday, December 12, 2012 8:24:17 PM
>>> SUBJECT: Tracking names and emails across sites
>>> 
>>> FYI,
>>> 
>>> Tracking personal identifiable information across sites.
>>> 
>>> On Thu, 13 Dec 2012 04:23:08 GMT
>>> 
>>> In You’re not anonymous. I know your name, email, and company.
>>> 
>>> At 
>>> http://42floors.com/blog/youre-not-anonymous-i-know-your-name-email-and-company/ 
>>> [1]
>>> 
>>> I’ve learned that there is a “website
>>> 
>>> intelligence” network that tracks form submissions
>>> 
>>> across their customer network. So, if a visitors
>>> 
>>> fills out a form on Site A with their name and
>>> 
>>> email, Site B knows their name and email too as
>>> 
>>> soon as they land on the site.
>>> 
>>> --
>>> 
>>> Karl Dubost - http://dev.opera.com [2]/
>>> 
>>> Developer Relations, Opera Software
> 
> 
> 
> Links:
> ------
> [1]
> http://42floors.com/blog/youre-not-anonymous-i-know-your-name-email-and-company/
> [2] http://dev.opera.com
> [3] 
> http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf
Received on Tuesday, 18 December 2012 16:19:11 UTC