Re: Transitive third party exceptions from Rigo Wenning on 2012-05-29 (public-tracking@w3.org from May 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 29 May 2012 18:32:53 +0200
To: public-tracking@w3.org
Cc: Kevin Smith <kevsmith@adobe.com>, "ifette@google.com" <ifette@google.com>
Message-ID: <55767914.vtApuTHU2M@hegel.sophia.w3.org>

Kevin, 

sorry that this remained unanswered. I was far too busy to keep being 
connected. 

On Wednesday 16 May 2012 09:53:10 Kevin Smith wrote:
> Is this entirely to meet European requirements, because it sounds like
> there is still some debate among those well versed in European law as to
> whether this will help.  

The transitive scope of permission is a concession to the practical 
implementation of ad networks. So I'm helping Shane to keep his models and 
procedures and only adjust slightly.

> From a logical standpoint, I still maintain this
> makes no sense at all.  Why would we assume the user would trust the 3rd
> party who they don’t know, more than the 1st party who they do?  

You have a logic breaking point here. 

1/ DNT is not applicable as a limitation for 1st parties (only an enabler in 
the EU context) 

2/ What is the difference between my first party deciding on unbound third 
parties and me deciding about unbound third parties?

> If
> transitive trust is adequate for a 3rd party, it surely should be for the
> 1st party.  

Within certain boundaries this is already true. As a first party you can 
declare some sites belong to the same entity. 

> I still believe this has almost all of the negatives of
> explicit/explicit (cost and complexity), without many of the benefits
> (aside from the fact that this is at least more technically feasible)

You would have a point if the transitive permission would be an open 
permission to do whatever with the data received. Consider first that we are 
talking about sending DNT;0 to a third party. Giving permission. In the US 
context that makes no difference at all. Once you give permission to one 
third party (A), this third party can give the data and everything to B, C, 
and D and Z. In Europe, the difference is positive as it clears that ad 
auctions will work once the first entity in a chain has received DNT;0. But 
in Europe it is not unbound as the transitive permission does not remove the 
purpose limitation. So whether you do Analytics or Ads, you remain bound by 
that. 

So do I hear you argue that we need more limitations for the US market and 
if we allow for transitive permissions, have some kind of implicit purpose 
limitation to it? This is easily feasible IMHO. 

Best, 

Rigo

Received on Tuesday, 29 May 2012 16:33:25 UTC