W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: explicit-explicit exception pairs

From: Matthias Schunter <mts-std@schunter.org>
Date: Wed, 02 May 2012 21:35:23 +0200
Message-ID: <4FA18C7B.50009@schunter.org>
To: Rigo Wenning <rigo@w3.org>
CC: Jonathan Mayer <jmayer@stanford.edu>, ifette@google.com, Nicholas Doty <npdoty@w3.org>, public-tracking@w3.org

I second Rigo's point that the following solution seems workable while
satisfying our requirements:
1. A site only needs to declare the third parties that it directly uses
(e.g., an ad network)
2. A site is not required to name any other third parties that are then
used indirectly (e.g., recursively loaded ads)
3. The ad network (in this example) is then permitted to further include
any subsequent third parties
    (i.e.  the ad network basically obtains a "*" exception for its
third parties)

This has the following advantages (from my subjective point of view)
1. The user will obtain some transparency and choice
2. The list of third parties should be limited and known to the 1st party
3. The UI should be manageable and the feedback/consent somewhat meaningful
4. The ad network will then inherit some responsibility (at least in in
the EU context)

What do others think?


On 02/05/2012 17:34, Rigo Wenning wrote:
> The legal solution that results in the right incentives is simple. Make the 
> site responsible for the choice of services they make. We can at least write 
> that assumption into the compliance Spec or in the "how-to". 
> I don't believe we should go down the DRM - route and want to control every 
> subservice of a subservice, neither technically nor legally. This is 
> guaranteed to go wrong. We know that from DRM. It would also overcharge the 
> DNT Specifications IMHO.
> Rigo
> On Monday 30 April 2012 16:09:51 Jonathan Mayer wrote:
>> 2) How does a website determine which third parties presently have an
>> exception?
>> I agree that this is a non-trivial problem for websites with many third
>> parties, especially chained third parties.  I disagree that it's a
>> particularly challenging problem, as I've explained several times in
>> other threads.  Moreover, it's a problem that already exists for the
>> self-regulatory opt-out programs.  At any rate, if local law allows,
>> those websites might choose to use a site-wide exception.  Allowing
>> explicit-explicit exceptions doesn't make the problem any harder.
Received on Wednesday, 2 May 2012 19:35:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:42 UTC