Re: Proposed definitions of Share and Collect

On Oct 24, 2012, at 10:10 AM, Chris Pedigo wrote:

> Roy, I believe it’s way too broad to define “share” as simply allowing access to the data.  For example, a first party uses an ad network to deliver contextual advertising.  Under our standard, the ad network is a third party and can only collect/use data for the Permitted Uses.  But, they have technically have access to the data.

If you mean they have collected the contextual data, the answer is
yes.  We are talking about the defined term for share, not
what kind of data can or cannot be shared.

Ad networks obtain contextual data from the information passed
in the URI to the ad network (or determined by the ad network
via prior indexing of the referral page content by subject).
If the information is about the page context, then it is contextual.
If the information is about an identifiable user, then it is personal.
Those are two sets with a potential for overlap.

Yes, this assumes that there is another definition that defines
tracking and that DNT does not apply to all data collection.

> I would prefer Amy’s original definition (below).
>  
> Share: A party "shares" data if it transfers or provides a copy of data that it has collected to any other party
> 
It fails to consider services that provide a query interface
to the data but no actual transfer or copy of the data records.
For example, a third party asking

   Q: Did user xkdhdkj75kj5026 visit myprivatesite.com?
   A: Yes

should be considered "sharing", and a violation of DNT unless
it is limited to a permitted use, yet it neither transfers nor
copies the data collected.  Likewise, allowing other parties
to inspect the data collected is sharing unless the parties
are bound by service provider constraints.

....Roy

Received on Wednesday, 24 October 2012 20:40:48 UTC