Re: tracking-ISSUE-240 (Context): Do we need to define context? [Tracking Preference Expression (DNT)]

Hi Lee,

fyi: If you split this sentence in two parts, "expectation" is out of 
the picture:

NORMATIVE

A context is a set of resources that share the same data controller, same privacy policy, and a common branding.

NON-NORMATIVE

A user should be able to  expect that data collected by one of those 
resources is available to all other resources within the same context.

IMHO With this definition of context, however, our ISSUE-5 definition 
seems to imply that all contexts (the first party and each individual 
third party) would be permitted to "track" the user locally. Only the 
correlation/linking of data across contexts would be disallowed. E.g., a 
third-party element can still record user behavior and do frequency 
capping and set an identifying cookie, ...


Regards,

Matthias

Am 18.12.2013 23:02, schrieb Lee Tien:
> "Context" confuses me.  For instance, this language...
>
>>>> "For the purpose of this definition, a context is a set of resources that share the same data controller, same privacy policy, and a common branding, such that a user would expect that data collected by one of those resources is available to all other resources within the same context."
> ...seems clearly to rely on user expectations.  I don't have a fundamental problem with that -- but many in the group argued a while back that they could not know what a user would expect.
>
> Lee
>
>
> On Dec 18, 2013, at 12:36 PM, Justin Brookman wrote:
>
>> Right, I think I understand you now.  I think that would be a perverse reading of context --- and not one that any working group participant would want --- but we can make that more clear.  I think Roy's notion is that there are *millions* of different contexts out there, and DNT is a request that servers not merge data across those contexts.
>>
>> I think that most participants would be willing to offer clarifying language on at least that point, but the harder question is what other guidance we want to add.  I think Roy's language is a good starting point, but I'd be interested to hear other ideas.
>>
>> On Dec 18, 2013, at 2:25 PM, David Singer <singer@apple.com> wrote:
>>
>>> The point I made on the call I will put here just for the record.
>>>
>>> We have, in the past, used context to distinguish “first party” and “third party” contexts, i.e. there are only two contexts.  (Well, perhaps also service-provider acting for 1st or 3rd).
>>>
>>> If someone reads this definition of tracking and there is NO definition of context, they might understand
>>>
>>> "the retention, use, or sharing of data derived from that activity outside the context in which it occurred”
>>>
>>> as allowing data collected in “a third party context” and then used or shared also in a “third party context” as staying in the same context, and not tracking.  This is not what Roy writes below or what we intend, but, without a definition, it could be misunderstood that way.
>>>
>>>
>>> On Dec 18, 2013, at 10:37 , Tracking Protection Working Group Issue Tracker <sysbot+tracker@w3.org> wrote:
>>>
>>>> tracking-ISSUE-240 (Context): Do we need to define context? [Tracking Preference Expression (DNT)]
>>>>
>>>> http://www.w3.org/2011/tracking-protection/track/issues/240
>>>>
>>>> Raised by: Justin Brookman
>>>> On product: Tracking Preference Expression (DNT)
>>>>
>>>> The definition of tracking that was adopted by the group includes a concept of "context" that some members have asked that the text define more clearly.
>>>>
>>>> Roy Fielding was the author of this definition, and included this language on context in the Call for Objections poll:
>>>>
>>>> The above definition also depends on there being a definition of context that bounds a scope of user activity, though it is not dependent on any particular definition of that term. For example, something along the lines of: "For the purpose of this definition, a context is a set of resources that share the same data controller, same privacy policy, and a common branding, such that a user would expect that data collected by one of those resources is available to all other resources within the same context."
>>>>
>>>> Alternatively, the group might decide that the common sense meaning of context is sufficient, as it more closely approximates a user's general intent in turning on the Do Not Track signal.
>>>>
>>>> We will continue discussion of this topic on the January 8th call, but we encourage discussion of these (and other) ideas on the list in the meantime.
>>>>
>>>>
>>>>
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>>
>>>
>>
>>
>>
>

Received on Thursday, 19 December 2013 09:57:25 UTC