- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Mon, 01 Apr 2013 08:04:50 -0400
- To: Shane Wiley <wileys@yahoo-inc.com>, John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <CD7EEEE1.2E208%achapell@chapellassociates.com>
Thanks Shane. Some comments and questions below. From: Shane Wiley <wileys@yahoo-inc.com> Date: Sunday, March 31, 2013 11:26 PM To: John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org> Subject: RE: Data append? Resent-From: <public-tracking@w3.org> Resent-Date: Mon, 01 Apr 2013 03:27:26 +0000 > John and Alan, > > Thank you for taking the first pass at normative text for ³data append² > exercises from the 1st party perspective and how these interrelate to DNT. > > A few comments: > > -- A 1st Party MUST NOT combine or otherwise use identifiable data received > from another party with data it has collected while a 1st Party. > > [I believe the DNT signal should be directed to the sender, not the recipient. Can you help me understand what you mean by the above sentence? > In this case, I would expect the 3rd party to receive the signal and > appropriate not convey information within the context of DNT. This sentence > should either be dropped or rewritten to focus on the sender (3rd party in > this context).] > > -- A 1st Party MUST NOT share identifiable data with another party unless the > data was provided voluntarily by the user and is necessary to complete a > business transaction with the user. > > [DNT is transactional. I could see this prohibition working if the data being > passed occurred online in the context of the DNT signal being in the header > but for purely offline data matches I hope we agree this could not work. I > would also struggle to understand a business case where a user has ³shared > identifiable data involuntarily² could you please give an example?] If a 1st party has a truly offline data match, (e.g., they append info obtained from a data broker to an email and use that information to send a catalog via USPS) then I would tend to agree. However, if that information is appended and used to customize content or advertising in a digital environment, then I it stands to reason that such a use case should be covered by DNT. > > [Of course all of these are trumped by user consent.] > > - Shane > > > From: John Simpson [mailto:john@consumerwatchdog.org] > Sent: Sunday, March 31, 2013 8:13 PM > To: public-tracking@w3.org (public-tracking@w3.org) > Subject: Data append? > Importance: High > > > Colleagues, > > > > Alan Chapell and I have agreed on text that should cover the situation > regarding "data append" when DNT is received. I look forward to discussing. > > > > The text is below. > > > > Regards, > > John > > ---- > > > > Normative: > > When DNT:1 is received: > > > > -- A 1st Party MUST NOT combine or otherwise use identifiable data received > from another party with data it has collected while a 1st Party. > > -- A 1st Party MUST NOT share identifiable data with another party unless the > data was provided voluntarily by the user and is necessary to complete a > business transaction with the user. > > -- A Party MUST NOT use data gathered while a 1st Party when operating as a > 3rd Party. > > > > Non-Normative: > > When DNT:1 is received, a 1st Party retains the ability to customize content, > services, and advertising only within the context of the first party > experience. A 1st party takes the user interaction outside of the 1st party > experience if it receives identifiable data from another party and uses that > data for customization of content, services, or advertising. > > > > When DNT:1 is received the 1st Party may continue to utilize user provided > data in order to complete or fulfill a user initiated business transaction > such as fulfilling an order for goods or a subscription. > > > > When DNT:1 is received and a Party has become a 3rd Party it is interacting > with the user outside of the 1st Party experience. Using data gathered while > a 1st party is incompatible with interaction as a third party. > > > > > >
Received on Monday, 1 April 2013 12:05:26 UTC