RE: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track from JC Cannon on 2012-02-03 (public-tracking@w3.org from February 2012)

From: JC Cannon <jccannon@microsoft.com>
Date: Fri, 3 Feb 2012 01:11:26 +0000
To: John Simpson <john@consumerwatchdog.org>, Shane Wiley <wileys@yahoo-inc.com>
CC: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-ID: <DB4282D9ADFE2A4EA9D1C0FB54BC3BD76E4C4D8E@TK5EX14MBXC139.redmond.corp.microsoft.>

If a site receives logs and does not process them in anyway  are they compliant with this issue?

JC

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Wednesday, February 01, 2012 12:19 PM
To: Shane Wiley
Cc: Tracking Protection Working Group WG
Subject: Re: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

Clarifying questions:

Does this mean a 3rd party can collect and build a profile about my activity on a 1st party site, but cannot correlate it with data collected on another 1st party site?  Example: Adserve.com<http://Adserve.com> could collect data about my visit to News1.com<http://News1.com> and serve ads to me based on what I did on News1.com<http://News1.com>? Adserve.com<http://Adserve.com> could collect data about my visit to News2.com<http://News2.com> and serve ads there based on my News2.com<http://News2.com> activity, but could not combine those two profiles?

On Jan 30, 2012, at 9:00 PM, Shane Wiley wrote:

Description:
Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

Draft:
o Not Profile + Do Not Cross-Site Track

When DNT:1...

1st parties may collect and profile.

3rd parties MUST NOT collect data across multiple, non-affiliated or branded websites.

<Non-Normative> Data collected by a 3rd party MUST be segregated according to the 1st party from which it was collected.  A 3rd party MUST NOT aggregate, correlate or use together data that was collected on different 1st party sites.

3rd parties MUST NOT add collected data to a "profile" of a user.

3rd parties MUST NOT leverage previously collected data to profile a user or to alter a user's experience.

3rd parties MUST NOT attempt to personally identify a user.

A party MUST NOT share (send or receive) collected data or profiles with another party (unless that party is ONLY working on the behalf of that specific party).

                <Non-Normative> (Outside of DNT Context):  Data legitimately collected and received from a party MAY be combined with existing 1st party profile data.

A party MAY choose to remove any previously profiled data.

All stated Exceptions apply.

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org<http://www.ConsumerWatchdog.org>
john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>

Received on Friday, 3 February 2012 01:12:42 UTC