- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Tue, 02 Apr 2013 12:49:06 -0400
- To: Shane Wiley <wileys@yahoo-inc.com>, Jeffrey Chester <jeff@democraticmedia.org>
- CC: John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <CD8082C4.2E3ED%achapell@chapellassociates.com>

Seems like we've gone down one of our infamous ratholes here.

I agree that DNT should not apply to first parties' OFFLINE advertising and content customization activities. However, I do think that if we allow offline data to be utilized to tailor first party ONLINE advertising and content customization activities, we are creating a significant loophole in the DNT standard.

We haven't heard yet from the regulators in the working group on this. Ed / Rob any thoughts?

I look forward to discussing tomorrow.

Alan

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tuesday, April 2, 2013 10:55 AM
To: Jeffrey Chester <jeff@democraticmedia.org>
Cc: John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Subject: RE: Data append?-transactional?
Resent-From: <public-tracking@w3.org>
Resent-Date: Tue, 02 Apr 2013 14:57:04 +0000

> Jeff,
>
> This is a perfect example of attempting to overuse DNT to solve tangential
> privacy issues. A user's decision comes with each and every page request and
> will be recognized for each of the page responses. Attempting to stretch DNT
> to now be recognized outside of this context is inappropriate. I understand
> the desire to use this single signal to cover all possible privacy situations
> but I would continue to recommend we avoid that approach and keep our focus
> locked in on the original intent of the working group.
>
> - Shane
>
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
> Sent: Tuesday, April 02, 2013 4:58 AM
> To: Shane Wiley
> Cc: John Simpson; public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: Data append?-transactional?
>
> Shane:
>
> I don't believe the DNT signal should be considered transactional by First
> parties. They should register that preference and operate accordingly. Users
> won't expect their DNT decisions to be temporal, fleeting, concerns. The
> first party server should acknowledge that decision unless it receives a
> signal otherwise. All data flow decisions should be adjusted to that choice,
> unless otherwise instructed by the user.
>
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org <http://www.democraticmedia.org>
> www.digitalads.org <http://www.digitalads.org>
> 202-986-2220
>
> On Apr 1, 2013, at 10:47 PM, Shane Wiley wrote:
>
> John,
>
> I believe I see the disconnect. There is no responsibility for any party (1st
> or 3rd) to "remember" a user's DNT setting - it is transactional meaning it
> can change from moment to moment per each transaction (in reality I hope
> that's not the case but it's technically possible). So in the use case of
> offline appends, you're asking a 1st party to "remember" the last DNT setting
> it received for a user and then apply that offline. I do not agree with that
> proposal and don't feel it's appropriate to store a user's DNT setting on the
> Server side since this will come with each page request. I hope this makes
> sense on both sides that DNT is at its essence: online (real-time) and
> transactional (not a setting Servers must remember for the next transaction
> which will have a page header request of its own). Fair?
>
> - Shane
>
> From: John Simpson [mailto:john@consumerwatchdog.org]
> Sent: Monday, April 01, 2013 3:50 PM
> To: Shane Wiley
> Cc: public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: Data append?
>
> Shane,
>
> Thanks for responding. Questions in line below.
>
> On Mar 31, 2013, at 8:26 PM, Shane Wiley <wileys@yahoo-inc.com> wrote:
>
> John and Alan,
>
> Thank you for taking the first pass at normative text for "data append"
> exercises from the 1st party perspective and how these interrelate to DNT.
>
> A few comments:
>
> -- A 1st Party MUST NOT combine or otherwise use identifiable data received
> from another party with data it has collected while a 1st Party.
>
> [I believe the DNT signal should be directed to the sender, not the recipient.
> In this case, I would expect the 3rd party to receive the signal and
> appropriately not convey information within the context of DNT. This sentence
> should either be dropped or rewritten to focus on the sender (3rd party in
> this context).]
>
> I'm sorry, I'm not sure I understand what you mean by sender and recipient.
> By sender do you mean the party that has data and "sends" it to the 1st party
> (the recipient)? I think you're saying that the 3rd party would receive the
> DNT signal and could not send data to the 1st Party. I believe that's true
> under the current draft of the TCS spec *IF* the sender is present on the
> website as a 3rd Party. What I am specifically calling out is the use case
> where the "sender" (I say "another party") has no presence on the site. If
> DNT:1 is enabled, the 1st Party could not go beyond the 1st Party experience
> and request data from another source. It's likely the case that this other
> party would not have received a DNT:1 message, so it is necessary for the 1st
> Party to honor the request.
>
> -- A 1st Party MUST NOT share identifiable data with another party unless the
> data was provided voluntarily by the user and is necessary to complete a
> business transaction with the user.
>>
>> [DNT is transactional. I could see this prohibition working if the data
>> being passed occurred online in the context of the DNT signal being in the
>> header but for purely offline data matches I hope we agree this could not
>> work. I would also struggle to understand a business case where a user has
>> "shared identifiable data involuntarily" - could you please give an example?]
>
> Why wouldn't this work with offline matches? I used "provided voluntarily" to
> get at the idea that consent had been given.
>
> [Of course all of these are trumped by user consent.]
>
> Agree, if it is informed consent.
>
> Finally, what's your reaction to the third element:
>
> A Party MUST NOT use data gathered while a 1st Party when operating as a 3rd
> Party.
>
> Are you comfortable with that?
>
> Regards,
>
> John
>>
>> - Shane
>>
>> From: John Simpson [mailto:john@consumerwatchdog.org
>> <http://consumerwatchdog.org> ]
>> Sent: Sunday, March 31, 2013 8:13 PM
>> To: public-tracking@w3.org <mailto:public-tracking@w3.org>
>> (public-tracking@w3.org <mailto:public-tracking@w3.org> )
>> Subject: Data append?
>> Importance: High
>>
>> Colleagues,
>>
>> Alan Chapell and I have agreed on text that should cover the situation
>> regarding "data append" when DNT is received. I look forward to discussing.
>>
>> The text is below.
>>
>> Regards,
>>
>> John
>>
>> ----
>>
>> Normative:
>>
>> When DNT:1 is received:
>>
>> -- A 1st Party MUST NOT combine or otherwise use identifiable data received
>> from another party with data it has collected while a 1st Party.
>>
>> -- A 1st Party MUST NOT share identifiable data with another party unless the
>> data was provided voluntarily by the user and is necessary to complete a
>> business transaction with the user.
>>
>> -- A Party MUST NOT use data gathered while a 1st Party when operating as a
>> 3rd Party.
>>
>> Non-Normative:
>>
>> When DNT:1 is received, a 1st Party retains the ability to customize content,
>> services, and advertising only within the context of the first party
>> experience. A 1st party takes the user interaction outside of the 1st party
>> experience if it receives identifiable data from another party and uses that
>> data for customization of content, services, or advertising.
>>
>> When DNT:1 is received the 1st Party may continue to utilize user provided
>> data in order to complete or fulfill a user initiated business transaction
>> such as fulfilling an order for goods or a subscription.
>>
>> When DNT:1 is received and a Party has become a 3rd Party it is interacting
>> with the user outside of the 1st Party experience. Using data gathered
>> while a 1st party is incompatible with interaction as a third party.

Received on Tuesday, 2 April 2013 17:28:54 UTC