- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Sat, 22 Sep 2012 09:42:59 -0700
- To: Jeffrey Chester <jeff@democraticmedia.org>
- CC: Vinay Goel <vigoel@adobe.com>, Rob Sherman <robsherman@fb.com>, Chris Pedigo <CPedigo@online-publishers.org>, Justin Brookman <justin@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <63294A1959410048A33AEE161379C802747DC9B8D3@SP2-EX07VS02.ds.corp.yahoo.com>
Having the same TOS should not be a requirement but having access to both party's TOS should be ("easily discoverable"). - Shane From: Jeffrey Chester [mailto:jeff@democraticmedia.org] Sent: Saturday, September 22, 2012 5:43 AM To: Shane Wiley Cc: Vinay Goel; Rob Sherman; Chris Pedigo; Justin Brookman; public-tracking@w3.org Subject: Re: Multiple First Parties Shane: Can you clarify. The sites that would be treated as twin first parties would each have the same ToS? No different data practices, third party data partners, different data deliver? In the case of Yahoo and AT&T, is the case the same ToS and data use with affiliates, etc? Thanks, Jeff Jeffrey Chester Center for Digital Democracy 1621 Connecticut Ave, NW, Suite 550 Washington, DC 20009 www.democraticmedia.org<http://www.democraticmedia.org> www.digitalads.org<http://www.digitalads.org> 202-986-2220 On Sep 21, 2012, at 4:03 PM, Shane Wiley wrote: Yahoo! has a few examples of multiple first party "sites" - AT&T is one of those. We require the following elements for a site to be "multi first party": - Clear branding for both parties in the header - Shared Terms of Service (or links to both with a description of the multi-first party situation) - Links to both Privacy Policies with a description of the multi-first party situation I believe this carries the necessary elements for users to see/understand who is involved in data collection and use on the site. - Shane From: Jeffrey Chester [mailto:jeff@democraticmedia.org] Sent: Friday, September 21, 2012 9:38 AM To: Vinay Goel Cc: Rob Sherman; Chris Pedigo; Justin Brookman; public-tracking@w3.org<mailto:public-tracking@w3.org> Subject: Re: Multiple First Parties That is very interesting. How would a user know the different data collection practices run by the parties, and its implications? What does ATT.net<http://ATT.net> do with the data versus Yahoo? What is shared and used by both parties internally and operationalized? Or shared with third parties, used by ad exchanges, etc. This is a good example to fully flesh out the data practices on co-branded sites to understand what it means for privacy under the DNT frame. I hope you and colleagues to build on this so we have a living example to consider. Thanks, Jeff Jeffrey Chester Center for Digital Democracy 1621 Connecticut Ave, NW, Suite 550 Washington, DC 20009 www.democraticmedia.org<http://www.democraticmedia.org> www.digitalads.org<http://www.digitalads.org> 202-986-2220 On Sep 21, 2012, at 12:26 PM, Vinay Goel wrote: Hi Jeff, Here's one example: http://att.yahoo.com<http://att.yahoo.com/> -Vinay From: Jeffrey Chester <jeff@democraticmedia.org<mailto:jeff@democraticmedia.org>> Date: Friday, September 21, 2012 9:33 AM To: Rob Sherman <robsherman@fb.com<mailto:robsherman@fb.com>> Cc: Chris Pedigo <CPedigo@online-publishers.org<mailto:CPedigo@online-publishers.org>>, Justin Brookman <justin@cdt.org<mailto:justin@cdt.org>>, "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>> Subject: Re: Multiple First Parties Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>> Resent-Date: Friday, September 21, 2012 9:34 AM Rob: Thanks for all this. Can you give us a real world example of a co-run site? What are the models we can examine to help us better understand the implications for users? Regards, Jeff Jeffrey Chester Center for Digital Democracy 1621 Connecticut Ave, NW, Suite 550 Washington, DC 20009 www.democraticmedia.org<http://www.democraticmedia.org/> www.digitalads.org<http://www.digitalads.org/> 202-986-2220 On Sep 21, 2012, at 3:01 AM, Rob Sherman wrote: Thanks very much for all of this feedback. As I understand it, the group generally agrees that the party responsible for a website that a user visits is a first party on that website. Text in the existing draft acknowledges that, in some circumstances, there may be more than one party responsible. The point of my proposal is to provide context around that concept so that parties have some guidance in the spec about how to determine whether they fall into this category. Currently, we simply say that it may sometimes happen and leave it at that. The Example Sports on Example Social example - which comes from Jonathan and Tom's text - is an attempt to illustrate the point, and what I've tried to do is to elaborate a bit on what it is about Example Sports and Example Social that make them both first parties in that instance. I agree with Mike that the meaningful interaction standard doesn't apply here. To be clear, we're talking about two distinct situations: (1) a basic third party, such as a "share" button, which is a third party but becomes a first party when the user interacts with it; and (2) a single website that is operated by two first parties operating together. In that second scenario, just as we agree that a user intends to interact with the entity responsible for a website when he/she browses to that website, it seems reasonable to draw the same conclusion when there are two entities responsible. This should not implicate Jeff's concern about giving parties a "free pass" on DNT because, although I think branding is an important way to ensure that consumers understand who is responsible for a website, nobody is suggesting that putting a logo on a website, without more, gives a party license to ignore DNT. My goal here is simply to describe the concept of multiple first parties, which has been in the draft for some time and is a concept that I think most people in the TPWG understand, in a way that helps parties who have not been a part of our discussions implement the spec in a way that is consistent with what we envision. Rob Sherman Facebook | Manager, Privacy and Public Policy 1155 F Street, NW Suite 475 | Washington, DC 20004 office 202.370.5147 | mobile 202.257.3901 On 9/20/12 7:08 AM, "Chris Pedigo" <CPedigo@online-publishers.org<mailto:CPedigo@online-publishers.org>> wrote: Rob, thanks for this clarifying language. I believe it reflects the group's previous decisions on first parties and provides some useful guidance for implementers. Justin, I don't see how this would be an expansion. Can you clarify? -----Original Message----- From: Justin Brookman [mailto:justin@cdt.org] Sent: Thursday, September 20, 2012 10:01 AM To: public-tracking@w3.org<mailto:public-tracking@w3.org> Subject: Re: Multiple First Parties The existing language already allows for multiple first parties despite no meaningful interaction. Rob (Sherman) is arguing for an expansion. I have previously argued against multiple first parties, but I do not believe many agreed with me. The Example Sports on Example Social is an interesting example that may be consistent with Jonathan's original formulation (he and Tom drafted the original language), though I still think we need more to be clear that mere branding and disclosure are not sufficient. Justin Brookman Director, Consumer Privacy Center for Democracy & Technology 1634 I Street NW, Suite 1100 Washington, DC 20006 tel 202.407.8812 fax 202.637.0969 justin@cdt.org<mailto:justin@cdt.org> http://www.cdt.org<http://www.cdt.org/> @CenDemTech @JustinBrookman On 9/20/2012 9:52 AM, Jeffrey Chester wrote: I also agree that the meaningful interaction standard should apply. Just because a site may have a syndicated presence on a first part page shouldn't give it a free pass. Sites could engage in co-branding to wipe out DNT safeguards. On Sep 20, 2012, at 9:24 AM, Mike Zaneis wrote: Rob, I don't think the meaningful interaction standard covers what is being presented here. Meaningful interaction contemplates a user action after they visit the site. What the examples Rob Sherman provides show is a clear understanding by the user that there are multiple first parties upon landing on a particular page (am I getting that right Rob Sherman?). I think this is a vitally important distinction for us to make since the Internet is evolving to provide more examples of this dual content/owner page. It just needs to be clear to the user that there are multiple first parties and providing some factors of indicia in the standard would be helpful. Mike Zaneis SVP & General Counsel, IAB (202) 253-1466 On Sep 20, 2012, at 1:42 AM, "Rob van Eijk" <rob@blaeu.com<mailto:rob@blaeu.com>> wrote: In these instances, a party will be deemed a first party on a particular website if it concludes that a user would reasonably expect to communicate with it using the website. Hi Rob, This would imply a change of the first party definition, which is covered elsewhere in the document. Isn't your scenarion already covered with the priniple of meaningful interaction? tnks::Rob Rob Sherman schreef op 2012-09-19 22:34: * * The editors' draft of the compliance spec raises a question about how to define the circumstances in which more than one entity operates as a first party on a particular website. As drafted, the first option leaves more questions than answers because it says that this may happen in some circumstances but does not provide any concrete guidance on how a party can tell when it is a first party. I've proposed text below that I hope leaves intact the basic intent behind the existing text - including two examples that are already there as options - but that elaborates a bit on the examples and provides some non-normative guidance about factors that an entity might consider in making a judgment whether it qualifies as a first party. The thinking is that, although we can't - and should not try to - anticipate the specifics every situation in which two entities collaborate, it would be helpful to provide some guidance in the text to people who are not in the Working Group and who may not have the context for situations that this section envisions. Feedback on this text would, of course, be appreciated. Rob # # # 3.5.1.2.2 MULTIPLE FIRST PARTIES _<NORMATIVE>_ For many websites, there will be only one party that the average user would expect to communicate with: the provider of the website the user has visited. But, for other websites, users may expect to communicate with more than one party. In these instances, a party will be deemed a first party on a particular website if it concludes that a user would reasonably expect to communicate with it using the website. _<NON-NORMATIVE>_ URIs, branding, the presence of privacy policies or other disclosures that specifically identify a party, and the extent to which a party provides meaningful content or functionality on the website, may contribute to, but are not necessarily determinative of, user perceptions about whether a website is provided by more than one party. _Example: _Example Sports, a well-known sports league, collaborates with Example Streaming, a well-known streaming video website, to provide content on a sports-themed video streaming website. The website is prominently advertised and branded as being provided by both Example Sports and ExampleStreaming. An ordinary user who visits the website may recognize that it isoperated by both Example Sports and Example Streaming. Both Example Sports and Example Streaming are first parties. _Example:_ Example Sports has a dedicated page on a Example Social, a social networking website. The page is branded with both Example Sports' name and logo and Example Social's name and logo. Both Example Sports' name and Example Social's names appear in the URI for the page. When a user visits this dedicated page, both Example Sports and Example Social are first parties. Rob Sherman FACEBOOK | MANAGER, PRIVACY AND PUBLIC POLICY 1155 F Street, NW Suite 475 | Washington, DC 20004 office 202.370.5147 | mobile 202.257.3901
Received on Saturday, 22 September 2012 16:44:14 UTC