- From: Justin Brookman <justin@cdt.org>
- Date: Thu, 20 Sep 2012 17:22:10 -0400
- To: Chris Pedigo <CPedigo@online-publishers.org>
- CC: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <505B8902.3090705@cdt.org>
Original text said "there will almost be only one [first] party," this says "for many websites, there will be only one [first] party." New language says "URIs, branding, and privacy policies or other disclosures that specifically identify a party" might mean that a user expected /ex ante/ to communicate with those branded/disclosed parties. I don't think that's logically accurate. Even if a user was aware that there would be specific branded widgets on a page she visited, don't think that means she meant to communicate with those widgets when she was visited the first party. I'm fine trying to address the platform issue (though I still disagree with the notion), but saying after the fact notification of other parties on the site *might* mean those are first parties too muddies the water and makes implementation harder. Justin Brookman Director, Consumer Privacy Center for Democracy & Technology 1634 I Street NW, Suite 1100 Washington, DC 20006 tel 202.407.8812 fax 202.637.0969 justin@cdt.org http://www.cdt.org @CenDemTech @JustinBrookman On 9/20/2012 10:08 AM, Chris Pedigo wrote: > Rob, thanks for this clarifying language. I believe it reflects the group's previous decisions on first parties and provides some useful guidance for implementers. > > Justin, I don't see how this would be an expansion. Can you clarify? > > -----Original Message----- > From: Justin Brookman [mailto:justin@cdt.org] > Sent: Thursday, September 20, 2012 10:01 AM > To: public-tracking@w3.org > Subject: Re: Multiple First Parties > > The existing language already allows for multiple first parties despite no meaningful interaction. Rob (Sherman) is arguing for an expansion. > I have previously argued against multiple first parties, but I do not believe many agreed with me. The Example Sports on Example Social is an interesting example that may be consistent with Jonathan's original formulation (he and Tom drafted the original language), though I still think we need more to be clear that mere branding and disclosure are not sufficient. > > Justin Brookman > Director, Consumer Privacy > Center for Democracy & Technology > 1634 I Street NW, Suite 1100 > Washington, DC 20006 > tel 202.407.8812 > fax 202.637.0969 > justin@cdt.org > http://www.cdt.org > @CenDemTech > @JustinBrookman > > On 9/20/2012 9:52 AM, Jeffrey Chester wrote: >> I also agree that the meaningful interaction standard should apply. Just because a site may have a syndicated presence on a first part page shouldn't give it a free pass. Sites could engage in co-branding to wipe out DNT safeguards. >> >> >> >> On Sep 20, 2012, at 9:24 AM, Mike Zaneis wrote: >> >>> Rob, >>> >>> I don't think the meaningful interaction standard covers what is being presented here. Meaningful interaction contemplates a user action after they visit the site. What the examples Rob Sherman provides show is a clear understanding by the user that there are multiple first parties upon landing on a particular page (am I getting that right Rob Sherman?). >>> >>> I think this is a vitally important distinction for us to make since the Internet is evolving to provide more examples of this dual content/owner page. It just needs to be clear to the user that there are multiple first parties and providing some factors of indicia in the standard would be helpful. >>> >>> Mike Zaneis >>> SVP & General Counsel, IAB >>> (202) 253-1466 >>> >>> On Sep 20, 2012, at 1:42 AM, "Rob van Eijk" <rob@blaeu.com> wrote: >>> >>>>>> In these instances, a party will be deemed a first party on a particular website if it concludes that a user would reasonably expect to communicate with it using the website. >>>> Hi Rob, >>>> >>>> This would imply a change of the first party definition, which is covered elsewhere in the document. Isn't your scenarion already covered with the priniple of meaningful interaction? >>>> >>>> tnks::Rob >>>> >>>> Rob Sherman schreef op 2012-09-19 22:34: >>>>> * >>>>> * >>>>> The editors' draft of the compliance spec raises a question about >>>>> how to define the circumstances in which more than one entity >>>>> operates as a first party on a particular website. As drafted, the >>>>> first option leaves more questions than answers because it says >>>>> that this may happen in some circumstances but does not provide any >>>>> concrete guidance on how a party can tell when it is a first party. >>>>> >>>>> I've proposed text below that I hope leaves intact the basic intent >>>>> behind the existing text - including two examples that are already >>>>> there as options - but that elaborates a bit on the examples and >>>>> provides some non-normative guidance about factors that an entity >>>>> might consider in making a judgment whether it qualifies as a first >>>>> party. The thinking is that, although we can't - and should not try >>>>> to - anticipate the specifics every situation in which two entities >>>>> collaborate, it would be helpful to provide some guidance in the >>>>> text to people who are not in the Working Group and who may not >>>>> have the context for situations that this section envisions. >>>>> >>>>> Feedback on this text would, of course, be appreciated. >>>>> >>>>> Rob >>>>> >>>>> # # # >>>>> >>>>> 3.5.1.2.2 MULTIPLE FIRST PARTIES >>>>> >>>>> _<NORMATIVE>_ >>>>> >>>>> For many websites, there will be only one party that the average >>>>> user would expect to communicate with: the provider of the website >>>>> the user has visited. But, for other websites, users may expect to >>>>> communicate with more than one party. In these instances, a party >>>>> will be deemed a first party on a particular website if it >>>>> concludes that a user would reasonably expect to communicate with it using the website. >>>>> >>>>> _<NON-NORMATIVE>_ >>>>> >>>>> URIs, branding, the presence of privacy policies or other >>>>> disclosures that specifically identify a party, and the extent to >>>>> which a party provides meaningful content or functionality on the >>>>> website, may contribute to, but are not necessarily determinative >>>>> of, user perceptions about whether a website is provided by more >>>>> than one party. >>>>> >>>>> _Example: _Example Sports, a well-known sports league, collaborates >>>>> with Example Streaming, a well-known streaming video website, to >>>>> provide content on a sports-themed video streaming website. The >>>>> website is prominently advertised and branded as being provided by >>>>> both Example Sports and ExampleStreaming. An ordinary user who >>>>> visits the website may recognize that it isoperated by both Example >>>>> Sports and Example Streaming. Both Example Sports and Example >>>>> Streaming are first parties. >>>>> >>>>> _Example:_ Example Sports has a dedicated page on a Example Social, >>>>> a social networking website. The page is branded with both Example >>>>> Sports' name and logo and Example Social's name and logo. Both >>>>> Example Sports' name and Example Social's names appear in the URI >>>>> for the page. When a user visits this dedicated page, both Example >>>>> Sports and Example Social are first parties. >>>>> >>>>> Rob Sherman >>>>> >>>>> FACEBOOK | MANAGER, PRIVACY AND PUBLIC POLICY >>>>> >>>>> 1155 F Street, NW Suite 475 | Washington, DC 20004 >>>>> >>>>> office 202.370.5147 | mobile 202.257.3901 >> >> > > > > >
Received on Thursday, 20 September 2012 21:22:46 UTC