W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Revised template for parties and business uses

From: Aleecia M. McDonald <aleecia@aleecia.com>
Date: Wed, 28 Mar 2012 10:22:45 -0700
Message-Id: <8A6F326D-B9C8-4C47-9D3F-41C42464A021@aleecia.com>
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Expanded based on discussion on the call today. Thanks! If there are other comments, please raise them very soon.


It is fine to respond in outline form -- we're looking at ideas, not at specific wording, at this stage. It is also fine to add text to explain your reasoning. Where possible, please try to keep to the template below so we can compare proposals sanely. David Singer's proposal likely will not have first or third parties: that's fine.

Please refer to the latest draft and use what you would like (http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html). Also potentially useful:
	Issue-10, What is a first party?
	Issue-17, Data use by 1st Party
	Issue-19, Data collection / Data use (3rd party)
	Issue-22, Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.)
	Issue-24, Possible exemption for fraud detection and defense
	Issue-25, Possible exemption for research purposes
	Issue-31, Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions)
	Issue-49, Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party?
	Issue-73, In order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract

We are currently expecting proposals from:
	David Singer, Jonathan, Shane, John Simson 

The goal is to be able to contrast proposals in DC. Please have proposals done by Friday, April 6th (1.5 weeks from now) so other WG participants can read and reflect prior to the meeting. 

Contributors to this proposal: 

Part I: Parties

	A. A party is…

		Example 0: If a user visits flickr.com, which is branded "from Yahoo!", are Flickr and Yahoo one party?
		Example 1: If a user visits google.com, are other parts of Google, Inc. (adwords, analytics, YouTube, gmail, Google Maps) also the same party as google.com?
		Example 2: If a user visits geico.com, is See's Candies also the same party?
		Example 3: If Mozilla and Opera form a jointly-owned and controlled company called Moperilla, and a user visits Moperilla, are Mozilla and Opera part of the same party as Moperilla?

	B. A first party is…

		To comply with DNT, a first party MUST...
		To comply with DNT, a first party MUST NOT…

	C. A third party is…

		To comply with DNT, a third party MUST...
		To comply with DNT, a third party MUST NOT…

	D. A third party acting as a first party (as an agent) is…

		To comply with DNT, a third party acting as a first party MUST...
		To comply with DNT, a third party acting as a first party MUST NOT…

Part II: Business uses /* or whatever we wind up calling this -- feel free to suggest something different */

	Note: unless you specifically document otherwise, this section is understood to ONLY APPLY TO THIRD PARTIES.

	For each of the seven potential business uses below, please indicate if:
		A. this particular use is never allowed under DNT
		B. this particular use is allowed as long as data is "unlinkable" as described in section 0
		C. this particular use is allowed with retention limits (describe)
		D. this particular use is allowed with aggregation (describe)
		E. this particular use is allowed (describe any other limitations that apply)

	As needed, feel free to define and scope the potential business uses.

	0. "Unlinkable" data - Note current action item with Jonathan gathering text into a concrete proposal, which may be helpful.

	1. Frequency Capping - A form of historical tracking to ensure the number of times a user sees the same ad is kept to a minimum. 
		{A, B, C?}

	2. Financial Logging - Ad impressions and clicks (and sometimes conversions) events are tied to financial transactions (this is how online advertising is billed) and therefore must be collected and stored for billing and auditing purposes.
		{A, B, C?}

	3. 3rd Party Auditing - Online advertising is a billed event and there are concerns with accuracy in impression counting and quality of placement so 3rd party auditors provide an independent reporting service to advertisers and agencies so they can compare reporting for accuracy.
		{A, B, C?}

	4. Security - From traditional security attacks to more elaborate fraudulent activity, ad networks must have the ability to log data about suspected bad actors to discern and filter their activities from legitimate transactions. This information is sometimes shared across 3rd parties in cooperatives to help reduce the daisy-chain effect of attacks across the ad ecosystem.
		{A, B, C?}

	5. Contextual Content or Ad Serving: A third-party may collect and use information contained with the user agent string (including IP address and referrer url) to deliver content customized to that information.
		{A, B, C?}

	6. Research / Market Analytics
		{A, B, C?}

	7. Product Improvement, or, more narrowly, Debugging
		{A, B, C?}
Received on Wednesday, 28 March 2012 17:23:21 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:47 UTC