- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Thu, 18 Oct 2012 15:52:57 +0100
- To: <public-tracking@w3.org>
Rigo, Yes, we are close to agreement now (on the technical side anyway) and we don't want anyone to take their bat home. I agree we need a signal back from a 1st party handler (server) to say they comply as if they were 3rd party (for Europe). And also we should have a transparent way for a user-agent to signal 1st or 3rd party to a handler. Mike -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: 16 October 2012 17:01 To: public-tracking@w3.org Cc: Mike O'Neill Subject: Re: FW: ACTION-267 - Propose first/third party definitions from existing DAA documents Mike, I like that, but fear we open a can of worms that we thought was closed. After talks to David W. in Amsterdam, I'm confirmed in my personal opinion about 1st and 3rd parties (it's sufficient to look at the monster-definitions to see that it's just an ugly compromise). For the moment, I haven't seen somebody linking this discussion to a concrete issue. If we want to open the question again, this has to be requested to the chairs. Note that the 'no-distinction' makes no difference to both regimes. US default unset is as unaffected by the distinction as is EU treat like DNT:1 as you are required to do so by law. Nevertheless, the distinction has some merit. Counter arguments are: * A first party is not doing cross-site monitoring, so the risk for privacy is lower * Trying to address all will also affect smaller sites. Most third parties are real professional services and can afford the DNT complexity. * First party tracking is addressed by other means (the CNIL inquiry on Google's change of privacy policy being one example for this) * First parties MAY respect DNT and declare their compliance. They are not forced to, but they aren't hindered either. (Although I think we do not have a status value for that yet other than the disputed "N") There are counter-counter arguments. In short, I wonder how much Shane and Heather would howl if we re- open that question. They may oppose it and the chairs too (because of timing) Rigo On Thursday 11 October 2012 16:07:26 Mike O'Neill wrote: > So we now have 1) a EU based "compliance regime" that's says DNT:1 > should be assumed by default and 1st party should react as if they > were 3rd p, 2) a W3C "consensus" where DNT unset is the default and > 1st parties have an easier ride than 3rd parties and > 3) a DAA/IAB US/and others lobby who hold that 2) is unfair and not a > level playing field. > > > > So why not just support 1. The only difference with your position is > the DNT default case, which is hard to explain to outsiders and cannot > be avoided in Europe anyway.
Received on Thursday, 18 October 2012 14:53:43 UTC