- From: Aleecia M. McDonald <aleecia@aleecia.com>
- Date: Wed, 28 Mar 2012 00:54:05 -0700
- To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-Id: <20889712-251F-4E8B-8C28-FBEE91F71B2B@aleecia.com>
As mentioned on the last call, we're going to take a few large issues together as unified proposals. We'll talk more on the call a few hours from now, but here's the structure I have in mind so we can compare multiple proposals. Note that for the most developed discussions, much of this text already exists. It's just a question of copy & paste into a format for ready comparison. There may also be additional proposals we have not heard as much about, or at least not discussed as much.
It is fine to respond in outline form -- we're looking at ideas, not at specific wording, at this stage. It is also fine to add text to explain your reasoning.
[We will also talk further about parties that are acting on behalf of first parties as their agents. To keep this shorter, we're going to omit that work here.]
Please refer to the latest draft and use what you would like (http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html). Also potentially useful:
Issue-10, What is a first party?
Issue-17, Data use by 1st Party
Issue-19, Data collection / Data use (3rd party)
Issue-22, Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.)
Issue-24, Possible exemption for fraud detection and defense
Issue-25, Possible exemption for research purposes
Issue-31, Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions)
The goal is to be able to contrast proposals in DC. Please have proposals done by Friday, April 6th (1.5 weeks from now) so other WG participants can read and reflect prior to the meeting.
*****
Contributors to this proposal:
Part I: Parties
A. A party is…
Example 0: If a user visits flickr.com, which is branded "from Yahoo!", are Flickr and Yahoo one party?
Example 1: If a user visits google.com, are other parts of Google, Inc. (adwords, analytics, YouTube, gmail, Google Maps) also the same party as google.com?
Example 2: If a user visits geico.com, is See's Candies also the same party?
Example 3: If Mozilla and Opera form a jointly-owned and controlled company called Moperilla, and a user visits Moperilla, are Mozilla and Opera part of the same party as Moperilla?
B. A first party is…
To comply with DNT, a first party MUST...
To comply with DNT, a first party MUST NOT…
C. A third party is…
To comply with DNT, a first party MUST...
To comply with DNT, a first party MUST NOT…
Part II: Business uses /* or whatever we wind up calling this -- feel free to suggest something different */
Note: unless you specifically document otherwise, this section is understood to ONLY APPLY TO THIRD PARTIES.
For each of the seven potential business uses below, please indicate if:
A. this particular use is never allowed under DNT
B. this particular use is allowed with retention limits (describe)
C. this particular use is allowed without retention limits (describe any other limitations)
As needed, feel free to define and scope the potential business uses.
1. Frequency Capping - A form of historical tracking to ensure the number of times a user sees the same ad is kept to a minimum.
{A, B, C?}
2. Financial Logging - Ad impressions and clicks (and sometimes conversions) events are tied to financial transactions (this is how online advertising is billed) and therefore must be collected and stored for billing and auditing purposes.
{A, B, C?}
3. 3rd Party Auditing - Online advertising is a billed event and there are concerns with accuracy in impression counting and quality of placement so 3rd party auditors provide an independent reporting service to advertisers and agencies so they can compare reporting for accuracy.
{A, B, C?}
4. Security - From traditional security attacks to more elaborate fraudulent activity, ad networks must have the ability to log data about suspected bad actors to discern and filter their activities from legitimate transactions. This information is sometimes shared across 3rd parties in cooperatives to help reduce the daisy-chain effect of attacks across the ad ecosystem.
{A, B, C?}
5. Contextual Content or Ad Serving: A third-party may collect and use information contained with the user agent string (including IP address and referrer url) to deliver content customized to that information.
{A, B, C?}
6. Research / Market Analytics
{A, B, C?}
7. Product Improvement, or, more narrowly, Debugging
{A, B, C?}
Received on Wednesday, 28 March 2012 07:54:37 UTC