RE: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track from Shane Wiley on 2012-02-02 (public-tracking@w3.org from February 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 1 Feb 2012 16:42:10 -0800
To: John Simpson <john@consumerwatchdog.org>
CC: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D0C8AC183@SP2-EX07VS02.ds.corp.yahoo.com>

Correct!  Adserve.com would be required to keep the profiles separate across 1st parties for users that have DNT enabled.

- Shane

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Wednesday, February 01, 2012 3:19 PM
To: Shane Wiley
Cc: Tracking Protection Working Group WG
Subject: Re: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

Clarifying questions:

Does this mean a 3rd party can collect and build a profile about my activity on a 1st party site, but cannot correlate it with data collected on another 1st party site?  Example: Adserve.com<http://Adserve.com> could collect data about my visit to News1.com<http://News1.com> and serve ads to me based on what I did on News1.com<http://News1.com>? Adserve.com<http://Adserve.com> could collect data about my visit to News2.com<http://News2.com> and serve ads there based on my News2.com<http://News2.com> activity, but could not combine those two profiles?

On Jan 30, 2012, at 9:00 PM, Shane Wiley wrote:

Description:
Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

Draft:
o Not Profile + Do Not Cross-Site Track

When DNT:1...

1st parties may collect and profile.

3rd parties MUST NOT collect data across multiple, non-affiliated or branded websites.

<Non-Normative> Data collected by a 3rd party MUST be segregated according to the 1st party from which it was collected.  A 3rd party MUST NOT aggregate, correlate or use together data that was collected on different 1st party sites.

3rd parties MUST NOT add collected data to a "profile" of a user.

3rd parties MUST NOT leverage previously collected data to profile a user or to alter a user's experience.

3rd parties MUST NOT attempt to personally identify a user.

A party MUST NOT share (send or receive) collected data or profiles with another party (unless that party is ONLY working on the behalf of that specific party).

                <Non-Normative> (Outside of DNT Context):  Data legitimately collected and received from a party MAY be combined with existing 1st party profile data.

A party MAY choose to remove any previously profiled data.

All stated Exceptions apply.

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org<http://www.ConsumerWatchdog.org>
john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>

Received on Thursday, 2 February 2012 00:43:00 UTC