W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: ACTION-69: Renaming ISSUE-54

From: John Simpson <john@consumerwatchdog.org>
Date: Mon, 13 Feb 2012 10:53:18 -0800
Message-Id: <8A908330-0197-4647-BF20-84A7C5D2B72E@consumerwatchdog.org>
Cc: Jeffrey Chester <jeff@democraticmedia.org>, Jonathan Robert Mayer <jmayer@stanford.edu>, Justin Brookman <justin@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
To: JC Cannon <jccannon@microsoft.com>

I'm thinking about this.

My first analysis is that if you're logged in to the service, you're having a meaningful relationship with it.  That would imply they are a 1st party and can treat you accordingly.  If you're not logged in, the social site MUST NOT use information that it has gathered while it had a first party relationship with you.


On Feb 12, 2012, at 2:42 PM, JC Cannon wrote:

> I would like to drill into this a little further. How would this apply to a logged in state? If Im logged into a social site and reading an article I would be interested to know if people I trust from that social site enjoyed the article or not without necessarily letting people know that I viewed the article, unless I select the share button. I dont want to have to enable tracking just to see if my friends liked the article.
> JC
> Twitter
> From: John Simpson [mailto:john@consumerwatchdog.org] 
> Sent: Wednesday, February 08, 2012 11:53 AM
> To: Jeffrey Chester
> Cc: Jonathan Robert Mayer; Justin Brookman; public-tracking@w3.org
> Subject: Re: ACTION-69: Renaming ISSUE-54
> I agree that when a site acts as a third party it MUST not engage in targeting based on data gathered when it was a 1st party if DNT is enabled.
> On Feb 8, 2012, at 8:43 AM, Jeffrey Chester wrote:
> I don't think if DNT is enabled a third party should be able to engage in profile-based targeting that they have collected as first party, as Justin perhaps as proposed.  That would weaken user intent on DNT.  
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org
> www.digitalads.org
> 202-986-2220
> On Feb 8, 2012, at 11:34 AM, Jonathan Robert Mayer wrote:
> In the interest of clarity, I recommend we make two ISSUEs from ISSUE-54.
> 1) What can a first party do on its own website with provided information? I completely agree with Shane that this falls into the current first party proposal, and I expect we'll get consensus and close the ISSUE quickly.
> 2) What can a first party do with submitted information when it's a third party? We've already heard a range of views on this; I expect lengthy discussion and perspectives from many stakeholders before we close the ISSUE.
> On Feb 8, 2012, at 7:20 AM, Justin Brookman <justin@cdt.org> wrote:
> I think Sean's restatement of the issue is a bit ambiguous.  The key question is not whether a first party can alter its own websites and advertising on those sites based on data it collected as a first party.  It's about whether they can then leverage that data when they're in a third-party environment.
> I was tasked with writing up language on this in Brussels, but upon reflection, my vision is already allowed for in the text:  a third-party may customize content or advertising on other sites based on data it had collected as a first-party.  Thus, Yahoo! can serve ads on the New York Times based on what I had done on the Yahoo! site (or registration information I had provided to Yahoo!) and Facebook can tell me what my friends like in a social widget when I go to the WashingtonPost.com --- as long as neither collects the fact that I went to NYT or WaPo (apart from exceptions like ad reporting, fraud, analytics) and certainly does not add that information to a profile about me.  The language in the draft currently allows for this.  However, I will try to put together some non-normative language on this today to make it clear.  I have heard the argument that this unduly favors first-party sites who have a lot of user data, but I also think the privacy implications are dramatically reduced when ads are influenced based on data that a party already has about you.
> Shane, you had seemed to disagree with this idea in Brussels, so if you want to put forward a countersuggestion that's fine.  Alternatively, Tom had disagreed on one of the calls that Facebook should be allowed to personalize content based on data it had collected as a first-party, so he may want to proffer another suggestion.  I could see a stronger argument against allowing Yahoo! to use passively-collected data about what I read on the Yahoo! site rather than using affirmatively provided info, but I personally wouldn't draw the line there.  It's also possible this issue is currently being discussed elsewhere on the mailing list, but I have not remotely been able to keep up.
> Justin Brookman
> Director, Consumer Privacy
> Center for Democracy & Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969
> justin@cdt.org
> http://www.cdt.org
> @CenDemTech
> @JustinBrookman
> On 2/6/2012 10:10 AM, Shane Wiley wrote:
> And the proposed answer, YES, as this appears to capture the 1st party exception cleanly and we have other statements that disallow a 1st party from sharing information with 3rd parties when DNT:1.
> - Shane
> From: Sean Harvey [mailto:sharvey@google.com] 
> Sent: Sunday, February 05, 2012 5:27 PM
> To: public-tracking@w3.org Group WG
> Subject: ACTION-69: Renaming ISSUE-54
> Hi all, apologies for the delay in submitting my action item. 
> ISSUE-54 is intended to get at the question of whether or not a first party is allowed to leverage their own data, including registration data provided by the user at a previous time, in the context of a DNT header being ON. 
> Keep in mind I am not intending to provide an answer, only to more appropriately rename the topic. 
> In light of this I propose the Issue be renamed: 
> "Can first parties customize their own websites or advertising based on their own user data when a DNT header is ON?"
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 1750 Ocean Park Blvd. ,Suite 200
> Santa Monica, CA,90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org

John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902

Received on Monday, 13 February 2012 18:53:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:33 UTC