FW: ACTION-267 - Propose first/third party definitions from existing DAA documents from Mike O'Neill on 2012-10-18 (public-tracking@w3.org from October 2012)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 18 Oct 2012 15:52:57 +0100
To: <public-tracking@w3.org>
Message-ID: <045401cdad40$432346f0$c969d4d0$@baycloud.com>

Rigo,

Yes, we are close to agreement now (on the technical side anyway) and we
don't want anyone to take their bat home.

I agree we need a signal back from a 1st party handler (server) to say they
comply as if they were 3rd party (for Europe). And also we should have a
transparent way for a user-agent to signal 1st or 3rd party to a handler.

Mike

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org]
Sent: 16 October 2012 17:01
To: public-tracking@w3.org
Cc: Mike O'Neill
Subject: Re: FW: ACTION-267 - Propose first/third party definitions from
existing DAA documents

Mike, 

I like that, but fear we open a can of worms that we thought was closed.
After talks to David W. in Amsterdam, I'm confirmed in my personal opinion
about 1st and 3rd parties (it's sufficient to look at the
monster-definitions to see that it's just an ugly compromise). For the
moment, I haven't seen somebody linking this discussion to a concrete issue.
If we want to open the question again, this has to be requested to the
chairs. 

Note that the 'no-distinction' makes no difference to both regimes. 
US default unset is as unaffected by the distinction as is EU treat like
DNT:1 as you are required to do so by law. 

Nevertheless, the distinction has some merit. Counter arguments are: 

 * A first party is not doing cross-site monitoring, so the risk for privacy
is lower
 * Trying to address all will also affect smaller sites. Most third parties
are real professional services and can afford the DNT complexity.
 * First party tracking is addressed by other means (the CNIL inquiry on
Google's change of privacy policy being one example for
this)
 * First parties MAY respect DNT and declare their compliance. They are not
forced to, but they aren't hindered either. (Although I think we do not have
a status value for that yet other than the disputed "N")

There are counter-counter arguments. 

In short, I wonder how much Shane and Heather would howl if we re- open that
question. They may oppose it and the chairs too (because of timing)

Rigo

On Thursday 11 October 2012 16:07:26 Mike O'Neill wrote:
> So we now have 1) a EU based "compliance regime" that's says DNT:1 
> should be assumed by default and 1st party should react as if they 
> were 3rd p, 2) a W3C "consensus" where DNT unset is the default and 
> 1st parties have an easier ride than 3rd parties and
> 3) a DAA/IAB US/and others lobby who hold that 2) is unfair and not a 
> level playing field.
> 
>  
> 
> So why not just support 1. The only difference with your position is 
> the DNT default case, which is hard to explain to outsiders and cannot 
> be avoided in Europe anyway.

Received on Thursday, 18 October 2012 14:53:43 UTC