Re: Tracking names and emails across sites

Brendan,  

I'm confused: what does this have to do with Stanford?

Anyways, I'd still appreciate clarification on your second point.  What consumer control would the DAA principles require for an analytics service that identifies visitors by email address?

Thanks,
Jonathan


On Tuesday, December 18, 2012 at 7:53 AM, Brendan Riordan-Butterworth wrote:

> Jonathan,  
>   
>   If you’re interested in registering Stanford to start using the About Ads icon to identify their adherence to the DAA principles, I suggest you engage with the DAA directly, outside of this group.   
>   
>   The most important takeaways from my mail yesterday are that:
>   
> -          Consent-based value exchange of PII for access exists now, and will exist in a DNT world.   
> -          If the DNT world does not offer sufficiently robust exceptions management, the pressure on the consumer will be to disable DNT for access.   
>   
> /brendan.
>   
> From: Jonathan Mayer [mailto:jmayer@stanford.edu]  
> Sent: Monday, December 17, 2012 9:29 PM
> To: Brendan Riordan-Butterworth
> Cc: public-tracking@w3.org (mailto:public-tracking@w3.org)
> Subject: Re: Tracking names and emails across sites  
>   
> Brendan,  
>  
>   
>  
> Could you please provide a bit more detail on Point 2 below?  In particular, what control would this company have to provide to comply with the DAA principles?  In my reading of the DAA's documents: none.
>  
>   
>  
> Thanks,
>  
> Jonathan
>  
> On Monday, December 17, 2012 at 10:23 AM, Brendan Riordan-Butterworth wrote:
> >  
> > Point 1: Humor and realism
> >  
> >  
> > Facial recognition is such an inefficient method of consumer identification.  It’d be a much simpler implementation to enhance customer loyalty cards with range-readable RFID tags – that way you’ve also got opt-in, and the possibility of spinning up a consumer-choice portal.   
> >  
> >  
> >   
> >  
> >  
> > Point 2: Existing Self-Reg
> >  
> >  
> > The current self-regulatory guidelines offered via the DAA require that Third Parties and Service Providers (like what this “website intelligence” network seems to be) provide “clear, meaningful, and prominent notice” of what’s being collected, how it’s being used, and an opt-out mechanism.  You can review starting on page 12 of this document:
> >  
> >  
> >   
> >  
> >  
> > http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf
> >  
> >  
> >   
> >  
> >  
> > If they’re not providing this information and control, they’re not in line with the DAA principles.   
> >  
> >  
> >   
> >  
> >  
> > Point 3: DNT World
> >  
> >  
> > I don’t think that the business practice of requiring the exchange of PII for services or discounts would be eliminated under a DNT regime.  Specifically, a site that currently blocks access or participation on filling in a form that includes being given permission to share the consumer’s email address with other parties would need to update their form to request the appropriate exceptions via the DNT protocol.  If the DNT exception protocol isn’t sufficiently robust to allow the consumer to give minimal tracking permission, it’s likely that these sites will simply require the global disabling of the DNT state.   
> >  
> >  
> >   
> >  
> >  
> > /brendan.
> >  
> >  
> >   
> >  
> >  
> >   
> >  
> >  
> > From: Jonathan Mayer [mailto:jmayer@stanford.edu]  
> > Sent: Wednesday, December 12, 2012 11:52 PM
> > To: public-tracking@w3.org (mailto:public-tracking@w3.org)
> > Subject: Fw: Tracking names and emails across sites
> >  
> >  
> >   
> >  
> >  
> > Spotted this on the public-tracking list.  The practice may be a helpful future use case to keep in mind as we refine the compliance document.  It certainly would not be permissible for Do Not Track users under a linkability-oriented approach.  If I understand correctly, current self-regulatory guidelines would allow it.  
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > Jonathan
> >  
> >  
> >  
> >   
> >  
> >  
> > Forwarded message:
> > >  
> > > From: Karl Dubost <karld@opera.com (mailto:karld@opera.com)>
> > > To: public-privacy@w3.org (mailto:public-privacy@w3.org) mailing list) <public-privacy@w3.org (mailto:public-privacy@w3.org)>
> > > Date: Wednesday, December 12, 2012 8:24:17 PM
> > > Subject: Tracking names and emails across sites
> > >  
> > >  
> > >  
> > >   
> > >  
> > >  
> > > FYI,
> > >  
> > >  
> > >  
> > >   
> > >  
> > >  
> > >  
> > > Tracking personal identifiable information across sites.
> > >  
> > >  
> > >  
> > >   
> > >  
> > >  
> > >  
> > > On Thu, 13 Dec 2012 04:23:08 GMT
> > >  
> > >  
> > >  
> > > In You’re not anonymous. I know your name, email, and company.
> > >  
> > >  
> > >  
> > > At http://42floors.com/blog/youre-not-anonymous-i-know-your-name-email-and-company/
> > >  
> > >  
> > >  
> > >   
> > >  
> > >  
> > >  
> > > I’ve learned that there is a “website  
> > >  
> > >  
> > >  
> > > intelligence” network that tracks form submissions  
> > >  
> > >  
> > >  
> > > across their customer network. So, if a visitors  
> > >  
> > >  
> > >  
> > > fills out a form on Site A with their name and  
> > >  
> > >  
> > >  
> > > email, Site B knows their name and email too as  
> > >  
> > >  
> > >  
> > > soon as they land on the site.
> > >  
> > >  
> > >  
> > >   
> > >  
> > >  
> > >  
> > > --  
> > >  
> > >  
> > >  
> > > Karl Dubost - http://dev.opera.com/
> > >  
> > >  
> > >  
> > > Developer Relations, Opera Software
> > >  
> > >  
> > >  
> > >  
> > >  
> >  
> >  
> >   
> >  
> >  
> >  
> >  
> >  
>  
>   
>  
>  
>  
>  

Received on Tuesday, 18 December 2012 21:47:21 UTC