- From: Sean Harvey <sharvey@google.com>
- Date: Wed, 14 Mar 2012 00:13:47 -0400
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: Tracking Protection Working Group WG <public-tracking@w3.org>
- Message-ID: <CAFy-vueGCLVCV88mPhmE-kN2+kTL_0R2=ANQJeUH4D3Q=szKjA@mail.gmail.com>
Just to be very clear we absolutely do not have consensus on 2 or 3, nor are we near consensus on those points. Easy discoverability was the main issue to my knowledge. On Wed, Mar 14, 2012 at 12:10 AM, Jonathan Mayer <jmayer@stanford.edu>wrote: > We agreed in Brussels that: > > 1) If two entities are not related by corporate affiliation, they are not > part of the same party. > > From discussion on the mailing list, I think we are very close to > consensus on three other points: > > 2) Branding should determine party boundaries. > > 3) Branding should determine first parties and third parties. > > 4) An entity must make "discoverable" the other entities that it considers > part of the same party. > > We do not have consensus on a final issue: > > 5) If two entities are related by corporate affiliation, are they part of > the same party? > > I've taken a stab at text that captures these five points. It is based on > the current TCS document, the DAA principles, my proposal with Tom, and the > CDT proposal. > > -------------------------------------------------- > > I. Definitions > > A. Network Interaction > A "network interaction" is an HTTP request and response, or any other > sequence of logically related network traffic. > > B. Entity > An "entity" is any commercial, nonprofit, or governmental organization, a > subsidiary or unit of such an organization, or a person. > > C. Affiliation > If an entity holds significant ownership in or exercises significant > operational control over another entity, they are "affiliated." > > D. Party > A "party" is any group of entities that: > a) consistently presents common branding throughout each entity, and > b) is related by affiliation. > [there is debate over whether to flip the "and" to an "or"] > > E. First Parties and Third Parties > A "first party" is any party, in a specific network interaction, that > brands content that occupies the full window. > A "third party" is any party, in a specific network interaction, that does > not brand content that occupies the full window. > > II. Transparency Requirement > > A. Operative Text > A party must make reasonable efforts to ensure users can discover which > entities it encompasses. > > B. Non-Normative Discussion > A list of entities in a privacy policy would ordinarily satisfy this > requirement. > > > -- Sean Harvey Business Product Manager Google, Inc. 212-381-5330 sharvey@google.com
Received on Wednesday, 14 March 2012 04:14:15 UTC