- From: David Singer <singer@apple.com>
- Date: Fri, 21 Dec 2012 14:31:44 -0800
- To: "public-tracking@w3.org Working Group" <public-tracking@w3.org>
I think the basic discussion is in http://lists.w3.org/Archives/Public/public-tracking/2012Nov/0334.html and the redux in http://lists.w3.org/Archives/Public/public-tracking/2012Dec/0119.html The summary: -- use the same-party resource for sites that are truly in the same party, or appear uniquely associated with only one party; (we don't need analytics.com being the same as both boeing.com and airbus.com, which would suggest boeing and airbus are the same party); -- if you operate under a service contract, then you're under the privacy policy of the organization you're providing service to; your policy link in the well-known resource should be a URL that identifies both that organization's site and its policy (the URL may then, of course, re-direct if needed); (note that sharing a privacy policy might occur under other circumstances, e.g. if an organization like creative commons publishes some easy-to-use ones) -- if you are concerned that users/user-agents might see you claiming 1st party or consent status when you don't appear to have it, because the organization you are servicing does, set the service-provider qualifier (in the response and/or well-known-resource, as appropriate); the 'policy' link then should show who you provide service to (as above) David Singer Multimedia and Software Standards, Apple Inc.
Received on Friday, 21 December 2012 22:32:14 UTC