W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: transitivity of DNT exceptions

From: Rob van Eijk <rob@blaeu.com>
Date: Wed, 16 May 2012 11:39:30 +0200
Message-ID: <4FB375D2.5030405@blaeu.com>
To: public-tracking@w3.org

In the EU we have (co)-controller(s), processor(s) and further 
third-parties down the chain. Strictly speaking these third-parties down 
the chain are Controllers themselves, even when they aren't using the 
data for any additional purposes. However, as we have seen in a previous 
thread, this doesn't help us in the exception discussion.

>  Do we see other definitions of "transitivity of exceptions" that would 
be useful?
I am playing with the thought that transitivity is useful in terms of 
chain responsibility and/or liability. The concept of chain liability is 
useful when it comes to sub-processing to unknown third-parties. Being 
responsible/liable for the whole chain could be a condition when using 
the concept of transitivity.

Ergo: granting a site wide exception for third parties under the 
condition that the chain responsibility/liability is with the first 
party makes sense to me.


On 9-5-2012 13:46, Rob van Eijk wrote:
> Hi Nick,
> I would like to coin the term inheritance instead of transitivity. I 
> believe an object oriented approach to exceptions, like object 
> oriented programming, is worth exploring. The relation between 
> exceptions gives rise to hierarchy.
> Rob
> On 9-5-2012 7:44, Nicholas Doty wrote:
>> After some discussion of transitivity of exceptions on last week's 
>> call and some follow-up with Matthias, it sounds like there might be 
>> interest in specific exceptions (that might help with EU or other 
>> jurisdictions) for top-level third parties. For example, maybe a 
>> large site could more easily specify the ad networks or exchanges it 
>> works with in requesting an exception (such that those domains 
>> receive a DNT:0 opt-in signal) and then all further re-directs would 
>> also be excepted, because the further third-parties aren't using the 
>> data for any additional purposes (via some version of our Outsourcing 
>> exception, and perhaps fitting an EU "data processor" definition).
>> Does this sound workable for interpretations of EU law? For site or 
>> browser implementers?
>> Do we see other definitions of "transitivity of exceptions" that 
>> would be useful? Browsers could, for example, send DNT:0 to all 
>> resources that are re-directed from a request that was initiated with 
>> DNT:0, but that sounds both annoying to implement (for browser 
>> plug-ins, for example) and sometimes specifically not the intent of 
>> an exception (URL re-direction services, maybe).
>> Thanks,
>> Nick
>> (This isn't meant to duplicate Ian's action-194, though maybe it will 
>> be related.)
Received on Wednesday, 16 May 2012 09:39:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:42 UTC