- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 12 Nov 2012 09:43:52 -0000
- To: <public-tracking@w3.org>
Rob, This begs the question to how the data acquired by the app is associated with a later 3rd party request. If you mean an html5 based app then then this situation should be covered by the exception API i.e. the use gives their consent and this is communicated to the mobile user-agent (so DNT:0 is sent in later requests). I think trying to handle this use case by layering further exemptions to DNT:1 will just undermine the whole process. If you are thinking about a native app then this must be outside the remit of the group. Would we also need to consider other out-of-band data gathering, for instance location information gathered from face recognition of CCTV feeds? Mike -----Original Message----- From: Rob Sherman [mailto:robsherman@fb.com] Sent: 12 November 2012 02:58 To: Aleecia M. McDonald; public-tracking@w3.org (public-tracking@w3.org) (public-tracking@w3.org) Subject: Re: Proposals for Compliance issue clean up Aleecia, I think it is premature to finalize a definition of "declared data" before we have consensus on whether and how the concept is relevant. Particularly, I'm not aware of any existing text in the Editors' Draft that uses the term "declared data," and it seems that the question whether a particular proposed definition of that term makes sense depends a lot on how the term is going to be used. On the substance of Shane's proposal, though, I'd suggest that it be modified along the lines of my correspondence with Shane (http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0310.html) to make clear that there are situations in which information is "declared data" even if it is not "directly and expressly supplied by a user to a party." As described in the thread, Shane and I agreed that this concept includes a situation in which the user authorizes sharing of information but does not "directly and expressly suppl[y]" it. (For example, we agreed that if you specifically authorize an app to publish information about actions you take within the app to your Facebook timeline (or specifically authorize Facebook to receive that information), that information would be deemed "declared data" as to Facebook even though it is not provided "directly" by the user to Facebook.) (I'm happy to work with Shane to modify his proposal to address this concern. Even with those modifications, before we finalize this definition I think it's important for us to understand how, if at all, it will fit into the draft.) Thanks. Rob Rob Sherman Facebook | Manager, Privacy and Public Policy 1155 F Street, NW Suite 475 | Washington, DC 20004 office 202.370.5147 | mobile 202.257.3901 On 11/9/12 3:04 PM, "Aleecia M. McDonald" <aleecia@aleecia.com> wrote: >Here are places we might have straight-forward decisions. If there are >no responses within a week (that is, by Friday 16 November,) we will >adopt the proposals below. > > >For issue-97 (Re-direction, shortened URLs, click analytics -- what >kind of tracking is this?) with action-196, we have text with no >counter proposal. Unless someone volunteers to take an action to write >opposing text, we will close this with the action-196 text. > PROPOSED: We adopt the text from action-196, >http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0106.html > >For issue-60 (Will a recipient know if it itself is a 1st or 3rd >party?) we had a meeting of the minds >(http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0129.html) >but did not close the issue. We have support for 3.5.2 Option 2, >http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.h >tml #def-first-third-parties-opt-2, with one of the authors of 3.5.1 >Option 1, >http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.h >tml >#def-first-third-parties-opt-2 accepting Option 2. There was no >sustained objection against Option 2 at that time. Let us find out if >there is remaining disagreement. > PROPOSED: We adopt 3.5.2 Option 2, >http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.h >tml >#def-first-third-parties-opt-2 > >For action-306, we have a proposed definition with accompanying >non-normative examples > PROPOSED: We adopt the text from action-306 to define declared data, >to be added to the definitions in the Compliance document, >http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0296.html > PROPOSED: We look for volunteers to take an action to write text >explaining when and how declared data is relevant (See the note in >6.1.2.3, >http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.h >tml >#first-party-data) to address issue-64 > > Aleecia
Received on Monday, 12 November 2012 09:44:27 UTC