- From: JC Cannon <jccannon@microsoft.com>
- Date: Mon, 13 Feb 2012 19:04:58 +0000
- To: John Simpson <john@consumerwatchdog.org>
- CC: Jeffrey Chester <jeff@democraticmedia.org>, Jonathan Robert Mayer <jmayer@stanford.edu>, Justin Brookman <justin@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <DB4282D9ADFE2A4EA9D1C0FB54BC3BD76E4D15DB@TK5EX14MBXC139.redmond.corp.microsoft.>
I feel MUST NOT is a bit strong. We currently don't have that restriction on regular third-party sites. We should continue to follow the DNT, Opt-out/in model. JC Twitter<http://twitter.com/jccannon7> From: John Simpson [mailto:john@consumerwatchdog.org] Sent: Monday, February 13, 2012 10:53 AM To: JC Cannon Cc: Jeffrey Chester; Jonathan Robert Mayer; Justin Brookman; public-tracking@w3.org Subject: Re: ACTION-69: Renaming ISSUE-54 JC, I'm thinking about this. My first analysis is that if you're logged in to the service, you're having a meaningful relationship with it. That would imply they are a 1st party and can treat you accordingly. If you're not logged in, the social site MUST NOT use information that it has gathered while it had a first party relationship with you. John On Feb 12, 2012, at 2:42 PM, JC Cannon wrote: I would like to drill into this a little further. How would this apply to a logged in state? If I'm logged into a social site and reading an article I would be interested to know if people I trust from that social site enjoyed the article or not without necessarily letting people know that I viewed the article, unless I select the share button. I don't want to have to enable tracking just to see if my friends liked the article. JC Twitter<http://twitter.com/jccannon7> From: John Simpson [mailto:john@consumerwatchdog.org]<mailto:[mailto:john@consumerwatchdog.org]> Sent: Wednesday, February 08, 2012 11:53 AM To: Jeffrey Chester Cc: Jonathan Robert Mayer; Justin Brookman; public-tracking@w3.org<mailto:public-tracking@w3.org> Subject: Re: ACTION-69: Renaming ISSUE-54 I agree that when a site acts as a third party it MUST not engage in targeting based on data gathered when it was a 1st party if DNT is enabled. On Feb 8, 2012, at 8:43 AM, Jeffrey Chester wrote: I don't think if DNT is enabled a third party should be able to engage in profile-based targeting that they have collected as first party, as Justin perhaps as proposed. That would weaken user intent on DNT. Jeffrey Chester Center for Digital Democracy 1621 Connecticut Ave, NW, Suite 550 Washington, DC 20009 www.democraticmedia.org<http://www.democraticmedia.org/> www.digitalads.org<http://www.digitalads.org/> 202-986-2220 On Feb 8, 2012, at 11:34 AM, Jonathan Robert Mayer wrote: In the interest of clarity, I recommend we make two ISSUEs from ISSUE-54. 1) What can a first party do on its own website with provided information? I completely agree with Shane that this falls into the current first party proposal, and I expect we'll get consensus and close the ISSUE quickly. 2) What can a first party do with submitted information when it's a third party? We've already heard a range of views on this; I expect lengthy discussion and perspectives from many stakeholders before we close the ISSUE. On Feb 8, 2012, at 7:20 AM, Justin Brookman <justin@cdt.org<mailto:justin@cdt.org>> wrote: I think Sean's restatement of the issue is a bit ambiguous. The key question is not whether a first party can alter its own websites and advertising on those sites based on data it collected as a first party. It's about whether they can then leverage that data when they're in a third-party environment. I was tasked with writing up language on this in Brussels, but upon reflection, my vision is already allowed for in the text: a third-party may customize content or advertising on other sites based on data it had collected as a first-party. Thus, Yahoo! can serve ads on the New York Times based on what I had done on the Yahoo! site (or registration information I had provided to Yahoo!) and Facebook can tell me what my friends like in a social widget when I go to the WashingtonPost.com<http://WashingtonPost.com/> --- as long as neither collects the fact that I went to NYT or WaPo (apart from exceptions like ad reporting, fraud, analytics) and certainly does not add that information to a profile about me. The language in the draft currently allows for this. However, I will try to put together some non-normative language on this today to make it clear. I have heard the argument that this unduly favors first-party sites who have a lot of user data, but I also think the privacy implications are dramatically reduced when ads are influenced based on data that a party already has about you. Shane, you had seemed to disagree with this idea in Brussels, so if you want to put forward a countersuggestion that's fine. Alternatively, Tom had disagreed on one of the calls that Facebook should be allowed to personalize content based on data it had collected as a first-party, so he may want to proffer another suggestion. I could see a stronger argument against allowing Yahoo! to use passively-collected data about what I read on the Yahoo! site rather than using affirmatively provided info, but I personally wouldn't draw the line there. It's also possible this issue is currently being discussed elsewhere on the mailing list, but I have not remotely been able to keep up. Justin Brookman Director, Consumer Privacy Center for Democracy & Technology 1634 I Street NW, Suite 1100 Washington, DC 20006 tel 202.407.8812 fax 202.637.0969 justin@cdt.org<mailto:justin@cdt.org> http://www.cdt.org<http://www.cdt.org/> @CenDemTech @JustinBrookman On 2/6/2012 10:10 AM, Shane Wiley wrote: And the proposed answer, "YES", as this appears to capture the 1st party exception cleanly and we have other statements that disallow a 1st party from sharing information with 3rd parties when DNT:1. - Shane From: Sean Harvey [mailto:sharvey@google.com] Sent: Sunday, February 05, 2012 5:27 PM To: public-tracking@w3.org<mailto:public-tracking@w3.org> Group WG Subject: ACTION-69: Renaming ISSUE-54 Hi all, apologies for the delay in submitting my action item. ISSUE-54 is intended to get at the question of whether or not a first party is allowed to leverage their own data, including registration data provided by the user at a previous time, in the context of a DNT header being ON. Keep in mind I am not intending to provide an answer, only to more appropriately rename the topic. In light of this I propose the Issue be renamed: "Can first parties customize their own websites or advertising based on their own user data when a DNT header is ON?" ---------- John M. Simpson Consumer Advocate Consumer Watchdog 1750 Ocean Park Blvd. ,Suite 200 Santa Monica, CA,90405 Tel: 310-392-7041 Cell: 310-292-1902 www.ConsumerWatchdog.org<http://www.ConsumerWatchdog.org> john@consumerwatchdog.org<mailto:john@consumerwatchdog.org> ---------- John M. Simpson Consumer Advocate Consumer Watchdog 1750 Ocean Park Blvd. ,Suite 200 Santa Monica, CA,90405 Tel: 310-392-7041 Cell: 310-292-1902 www.ConsumerWatchdog.org<http://www.ConsumerWatchdog.org> john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>
Received on Monday, 13 February 2012 19:05:51 UTC