- From: Dobbs, Brooks <brooks.dobbs@kbmg.com>
- Date: Tue, 12 Jun 2012 16:30:22 -0500
- To: Jonathan Mayer <jmayer@stanford.edu>, <public-tracking@w3.org>, Shane Wiley <wileys@yahoo-inc.com>
- Message-ID: <CBFD1F1E.17D8%brooks.dobbs@kbmg.com>
Jonathan, Apologies for the late comments here, but I think it is worth mentioning that the proposed definition of ³share² is likely to create a number of problems. Semantically I think most people understand the concept of sharing as being where one party ³has possession² (for lack of a better term) of a known set of data points which it then forwards to another party. The general idea being data subject gives data to controller 1, controller 1 knowingly gives the data to controller 2. This analogy doesnıt work well online where the following is true... Data is directly collected by controller 2 from data subject. Data collected by controller 2 may be different than that collected by controller 1 (controller 2 may have different cookie than controller 1). \ And in reality controller 1 may not know either the identity of the data subject, the identity of controller 2 or the relationship as between subject and controller 2. Taken together, there is no practical way that a 1st party can comply. By way of example. Say publisher has a tool which allows for an ad auction to occur on its site. Publisher does not know ahead of time who will win the auction or even the population of data collectors who may potentially win. Whoever wins the auction, the first party publisher has enabled the advertiser to receive data (shared). If e.g. Amazon wins the auction an ad containing perhaps a fully identified .amazon.com cookie may cause Amazon to receive data which it may be prohibited by DNT from coming into its control, but because the 1st party had neither knowledge of who the 3rd party is, or what specifically it was prohibited from collecting, there is a problem. The advertiser can still respect DNT and act accordingly, but arguably the spec violation occurred when the 1st party caused the 3rd party to receive the data and have to make the decision. It may be better to define share in the traditional way I know what I have and who I give it to and then break out a new definition of ³enable to collect². It doesnıt answer the prohibition question, but at least it gives us a workable vocabulary. -Brooks On 6/6/12 7:06 AM, "Jonathan Mayer" <jmayer@stanford.edu> wrote: > > This group has made tremendous progress. As we enter our second year and look > forward to our fifth meeting, we can celebrate achieving hard-won consensus on > many difficult topics. > > It's time to complete our task. We have given shape to the several issues at > the center of Do Not Track policy, but we have not reached agreement on how to > resolve them. Those issues are, in brief: > > 1) May a user agent enable Do Not Track by default? > > 2) May a website share its information with corporate affiliates? > > 3) May a third-party website continue to set tracking cookies (or use an > equivalent technology for collecting a user's browsing history)? > > Peter Eckersley (EFF), Tom Lowenthal (Mozilla), and I (Stanford) have iterated > on a comprehensive compromise proposal that addresses these issues. The text > draws extensively on prior drafts from multiple constituencies. It would, in > short: > > 1) Require explicit consent for enabling Do Not Track. > > 2) Allow affiliate information sharing. > > 3) Prohibit tracking cookies. > > We have received valuable feedback from a number of participant viewpoints, > including browser vendors, advertising companies, analytics services, social > networks, policymakers, consumer groups, and researchers. Out of respect for > the candid nature of those ongoing conversations, we leave it to stakeholders > to volunteer their contributions to and views on this proposal. > > As you review the draft, please recognize that it is a compromise proposal. > The document is not a retread of well-worn positions; it reflects > extraordinarily painful cuts for privacy-leaning stakeholders, including > complete concessions on two of the three central issues. Some participants > have already indicated that they believe the proposal goes too far and are > unwilling to support it. > > We would ask all stakeholders to approach the document with a collegial > spirit. I can assure you now: there will be components of the proposal that > you will not like. Some industry and advocacy participants will flatly reject > it. But when everyone in the center of the group is just a bit unhappy, I > think we've found our consensus. > > Sincerely, > Jonathan > > > > -- Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com brooks.dobbs@kbmg.com This email including attachments may contain confidential information. If you are not the intended recipient, do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.
Attachments
- image/png attachment: image.png
Received on Tuesday, 12 June 2012 20:30:59 UTC