W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

From: Nicholas Doty <npdoty@w3.org>
Date: Fri, 3 Feb 2012 10:14:12 -0800
Cc: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-Id: <64435CBF-FD24-4F5B-8194-35D3158582F8@w3.org>
To: Shane Wiley <wileys@yahoo-inc.com>
Just a clarifying question.

Given that 3rd parties must not collect any data across multiple sites...

On Jan 30, 2012, at 9:00 PM, Shane Wiley wrote: 
> 3rd parties MUST NOT collect data across multiple, non-affiliated or branded websites.
> <Non-Normative> Data collected by a 3rd party MUST be segregated according to the 1st party from which it was collected.  A 3rd party MUST NOT aggregate, correlate or use together data that was collected on different 1st party sites.

Do these next three statements only apply to data collected across multiple sites? Or to any data that a third party collects about a user?

> 3rd parties MUST NOT add collected data to a "profile" of a user.
> 3rd parties MUST NOT leverage previously collected data to profile a user or to alter a user's experience.
> 3rd parties MUST NOT attempt to personally identify a user.

If these only apply to data collected across multiple sites, I'm not sure the first at least is necessary. If I can't collect data about a user across sites, it would be impossible to use that not-collected data to add to a profile of them, right? 

Also, if that assumption is right, then the language seems confusing to me; 3rd-parties would be allowed to add data to profiles, leverage previously collected data to alter a user's experience or identify a user, as long as they were doing so with data they hadn't combined across sites, right?

Received on Friday, 3 February 2012 18:14:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:33 UTC