Re: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

I believe the answer to John's question "a 3rd party can collect and build a
profile about my activity on a 1st party site, but cannot correlate it with
data collected on another 1st party site?" is NO due to the requirements:

3rd parties MUST NOT add collected data to a "profile" of a user.

3rd parties MUST NOT leverage previously collected data to profile a user or
to alter a user's experience.

3rd parties MUST NOT attempt to personally identify a user.

These effectively prevent the building of any personal profile by the 3rd
party. This prohibition is independent of any cross-site sharing
prohibitions, i.e., even though a profile can't be built, the information
while being processed (and effectively forgotten after processing for
whatever response is needed) cannot be shared or correlated with other
sites.

Reception of logs without processing is a grey area, and I think it is an
ineffective business practice at least, so would not likely be common.

From:  JC Cannon <jccannon@microsoft.com>
Date:  Fri, 3 Feb 2012 01:11:26 +0000
To:  John Simpson <john@consumerwatchdog.org>, Shane Wiley
<wileys@yahoo-inc.com>
Cc:  Tracking Protection Working Group WG <public-tracking@w3.org>
Subject:  RE: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not
Cross-Site Track
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Fri, 03 Feb 2012 01:12:43 +0000

If a site receives logs and does not process them in any way, are they
compliant with this issue?
 
JC
 

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Wednesday, February 01, 2012 12:19 PM
To: Shane Wiley
Cc: Tracking Protection Working Group WG
Subject: Re: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not
Cross-Site Track
 
Clarifying questions:

 

Does this mean a 3rd party can collect and build a profile about my activity
on a 1st party site, but cannot correlate it with data collected on another
1st party site?  Example: Adserve.com could collect data about my visit to
News1.com and serve ads to me based on what I did on News1.com? Adserve.com
could collect data about my visit to News2.com and serve ads there based on
my News2.com activity, but could not combine those two profiles?

 

On Jan 30, 2012, at 9:00 PM, Shane Wiley wrote:


Description:

Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

 

Draft:

Do Not Profile + Do Not Cross-Site Track

 

When DNT:1...

 

1st parties may collect and profile.

 

3rd parties MUST NOT collect data across multiple, non-affiliated or branded
websites.

 

<Non-Normative> Data collected by a 3rd party MUST be segregated according
to the 1st party from which it was collected.  A 3rd party MUST NOT
aggregate, correlate or use together data that was collected on different
1st party sites.

 

3rd parties MUST NOT add collected data to a "profile" of a user.

 

3rd parties MUST NOT leverage previously collected data to profile a user or
to alter a user's experience.

 

3rd parties MUST NOT attempt to personally identify a user.

 

A party MUST NOT share (send or receive) collected data or profiles with
another party (unless that party is ONLY working on the behalf of that
specific party).

 

<Non-Normative> (Outside of DNT Context):  Data legitimately collected and
received from a party MAY be combined with existing 1st party profile data.

 

A party MAY choose to remove any previously profiled data.

 

All stated Exceptions apply.

 
 

----------

John M. Simpson

Consumer Advocate

Consumer Watchdog

1750 Ocean Park Blvd., Suite 200

Santa Monica, CA, 90405

Tel: 310-392-7041

Cell: 310-292-1902

www.ConsumerWatchdog.org

john@consumerwatchdog.org
 

Received on Saturday, 4 February 2012 19:25:18 UTC