Re: ACTION 368 - Definition of Service Provider/Data Processor

Jeff and the group:

A couple of observations that I hope can be helpful for the discussion today.

1.  I circulated yesterday a background memo on previous materials in the group about Service Providers.  That includes a link to five use cases that Chris wrote up about third party data going to first parties, also known as "appending."

2.  The agenda for today specifically notes that the "append" issue is related to the definition of service provider or data processor.  Chris' language does not propose text for the spec about append. The agenda says this: "please consider if you wish to propose any approach about appending."

3.  In other words, I am trying to provide clear notice that members of the Group may wish to have text about appending.  If so, today's call is a time to discuss this.



Professor Peter P. Swire
C. William O'Neill Professor of Law
    Ohio State University

From: Jeffrey Chester <<>>
Date: Wednesday, February 27, 2013 10:45 AM
To: Chris Pedigo <<>>
Cc: Tracking Protection Working Group <<>>, Peter Swire <<>>
Subject: Re: Action 368 - Definition of Service Provider/Data Processor

Chris:  Thanks for this.  Could you give the list some examples of service providers/data processors?  For instance, do you consider DSPs, SSPs to be such a provider?  Would they have any limits at all in how much third party data they could provide their client?  Use cases would be useful, so we can understand the dimensions possible in relationship to a meaningful DNT standard.

I missed the Boston meeting, so if this was covered I would appreciate the reference to review.



Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009<><>

On Feb 27, 2013, at 10:35 AM, Chris Pedigo wrote:

Hello all, I worked with Vinay Goel to come up with a definition of Service Provider/Data Processor.  We also solicited feedback from Justin Brookman and Rigo Wenning.  Below is the normative text that we ultimately decided upon.  One of the discussions centered around whether service providers or data processors should be allowed to utilize the Permitted Uses.  We decided not to include that language, because it would not fly in the EU and because it does not appear to be common practice among service providers in the US.  Finally, I am still gathering feedback from my member companies.  So, while expect this language will work for publishers, I am reserving the right to come back with tweaks.  Looking forward to today’s call and the ensuing discussion.

Action 368 – Definition of Service Provider/Data Processor

A Data Processor is any party, in a specific network interaction, that both operates on behalf of another party and meets the following conditions:
- Data that is collected and/or retained is separated by both technical means and organizational process, AND
- Uses and shares data only as directed by that other party, AND
- Enters into a contract with the other party that outlines and mandates these requirements.

A Data Processor is subject to the same restrictions as the other party.  If a Data Processor were to violate any of these conditions, it will then be a third party.

Chris Pedigo
VP, Government Affairs
Online Publishers Association
(202) 744-2967

Received on Wednesday, 27 February 2013 15:58:42 UTC