Re: Issue-39: Tracking of Geographic Data

Substantively, I'm in general agreement.

In the interest of analytical consistency and not conflating issues, I'd avoid siting this content in the high-level compliance section.  I'd instead locate the discussion of personalization by IP geolocation, user-agent, and referrer in a contextual personalization exception.

Jonathan

On Feb 3, 2012, at 3:34 PM, Tom Lowenthal wrote:

> ACTION-65 ISSUE-39
> 
> Proposed text. Compare with text currently in
> [S-4.1.2](http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#third-party-compliance)
> 
> ~~~~
> ### Compliance by a third party {#third-party-compliance}
> 
> If the operator of a third-party domain receives a communication to
> which a [DNT-ON] header is attached:
> 
> 1. that operator MUST NOT collect or use information related to that
> communication outside of the explicitly expressed exceptions as defined
> within this standard;
> 2. that operator MUST NOT use information about previous communications
> in which the operator was a third party, outside of the explicitly
> expressed exceptions as defined within this standard;
> 3. that operator [MUST NOT or SHOULD NOT] retain information about
> previous communications in which the operator was a third party, outside
> of the explicitly expressed exceptions as defined within this standard.
> 
> #### Non-Normative Discussion
> 
> It is acceptable to use data sent as part of this particular network
> interaction when composing a response to a [DNT-ON] request, but it is
> not acceptable to store that data any longer than needed to reply. For
> instance, it would be appropriate to use an IP address to guess which
> country a user is in, to avoid showing them an advertisement for
> products or services unavailable where they live.
> 
> When using request-specific information to compose a reply, some levels
> of detail may feel invasive to users, and may violate their expectations
> about Do Not Track. These sorts of detailed assessments should be avoided.
> 
> *Reasonable behavior*: A user visits you from an IP address which a
> general geo-IP database suggests is in the NYC area, where it is 6pm on
> a Friday. You choose to show an advertisement for theaters and
> restaurants in the area.
> 
> *Invasive behavior*: A user visits you from an IP address which suggests
> that they are in a particular ZIP+4, which has a distinctive demographic
> profile. Their user-agent indicates that they are a Mac user, further
> narrowing their expected profile. You serve them an ad for business
> within a few blocks of them which specializes in items which their
> expected profile indicates they may enjoy.
> 
> In this example, even though the decision about which ad to serve was
> based exclusively on request specific information, but was still
> tailored to a highly-specific user profile. In particular, the
> estimation of a user's location to within a single ZIP+4 may make a user
> feel that they are being followed closely, even if the decision was made
> on the fly, and the information was only held ephemerally.
> 
> ~~~
> 

Received on Friday, 3 February 2012 23:53:31 UTC