Re: transitivity of DNT exceptions

Hi Kimon,


I believe that this also holds for DNT with transitive exceptions:
- If an ad-network receives an exception, this holds for its descendants
too (the transitivity)
- These third parties are then exempted from the DNT constraints and can
use the collected data as before
- This includes cross-site use among sites where a user has agreed to an
exception

E.g., if a user granted a site-wide exception at site1 and site2 and
both use an adnetwork adnet1 then adnet1 can correlated the data
collected at site1 and site2. However, if a user has not granted a
site-wide exception for site3, then the data collected via site3 is
still constrained by DNT and must not be pooled for cross-site use.


Regards,


On 09/05/2012 19:46, Kimon Zorbas wrote:
> Nick, I think this goes even beyond what data protection authorities
> have been discussing. They would allow for an ad-network to be
> "authorised" on via website and use data cross-sites.
>
> We need to discuss this with our members, as we see the transpositions
> across the EU/EEA to not be coherent or consistent.
>
> Kind regards,
> Kimon
>
> Kimon Zorbas Vice President IAB Europe
>
> IAB Europe - The Egg
> Rue Barastraat 175
> 1070 Brussels - Belgium
> Phone +32 (0)2 5265 568
> Mob +32 494 34 91 68
> Fax +32 2 526 55 60
> vp@iabeurope.eu
> Twitter: @kimon_zorbas
>
> www.iabeurope.eu and www.interactcongress. eu
>
> IAB Europe supports the .eu domain name www.eurid.eu
>
> IAB Europe is supported by:
>
> Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Finland,
> France, Germany, Greece, Hungary, Ireland, Italy, Netherlands, Norway,
> Poland, Romania, Russia, Serbia, Slovakia, Slovenia, Spain, Sweden,
> Switzerland, Turkey, Ukraine and United Kingdom representing their
> 5.000 members. The IAB network represents over 90% of European digital
> revenues and is acting as voice for the industry at National and
> European level.
>
> IAB Europe is powered by:
>
> Adconion Media Group, Adobe, ADTECH, Alcatel-Lucent, AOL Advertising
> Europe, AudienceScience, BBCAdvertising, CNN, comScore Europe, CPX
> Interactive, Criteo, eBay International Advertising, Expedia Inc, Fox
> Interactive Media, Gemius, Goldbach Media Group, Google, GroupM,
> Hi-Media, Koan, Microsoft Europe, Millward Brown, News Corporation,
> nugg.ad, Nielsen Online, OMD, Orange Advertising Network, PHD,Prisa,
> Publicitas Europe, Quisma, Sanoma Digital, Selligent, TradeDoubler,
> Triton Digital, United Internet Media, ValueClick, Verisign, Viacom
> International Media Networks, White & Case, Yahoo! and zanox.
>
> IAB Europe is associated with: Advance International Media, Banner,
> Emediate, NextPerformance, Right Media, Tribal Fusion and Turn Europe
>
> ----- Reply message -----
> From: "Nicholas Doty" <npdoty@w3.org>
> To: "Tracking Protection Working Group" <public-tracking@w3.org>
> Cc: "Matthias Schunter" <mts-std@schunter.org>
> Subject: transitivity of DNT exceptions
> Date: Wed, May 9, 2012 7:45 am
>
>
>
> After some discussion of transitivity of exceptions on last week's
> call and some follow-up with Matthias, it sounds like there might be
> interest in specific exceptions (that might help with EU or other
> jurisdictions) for top-level third parties. For example, maybe a large
> site could more easily specify the ad networks or exchanges it works
> with in requesting an exception (such that those domains receive a
> DNT:0 opt-in signal) and then all further re-directs would also be
> excepted, because the further third-parties aren't using the data for
> any additional purposes (via some version of our Outsourcing
> exception, and perhaps fitting an EU "data processor" definition).
>
> Does this sound workable for interpretations of EU law? For site or
> browser implementers?
>
> Do we see other definitions of "transitivity of exceptions" that would
> be useful? Browsers could, for example, send DNT:0 to all resources
> that are re-directed from a request that was initiated with DNT:0, but
> that sounds both annoying to implement (for browser plug-ins, for
> example) and sometimes specifically not the intent of an exception
> (URL re-direction services, maybe).
>
> Thanks,
> Nick
>
> (This isn't meant to duplicate Ian's action-194, though maybe it will
> be related.)