Re: ISSUE-10 First party definition, ISSUE-60, ACTION-?

There is no consensus definition of "first party" --- there are three 
separate ones in the text.  I believe they all say much the same thing 
and I was merely trying to merge them. :)

I believe the group is at consensus that if someone clicks a "Like" 
button, then it is reasonable to expect that Facebook is going to 
receive information that falls outside the scope of Do Not Track 
(namely, that the user 'likes' some particular page or pbject, and now 
FB can display that in Newsfeed and Timeline consistent with the user's 
privacy settings).  If anyone in the working group disagrees with that, 
feel free to speak up. Alexander, if you want to comb through the 
mailing list to see our previous exhaustive discussions on this, you may 
find them informative.  Or you may not, I don't know.

However, you do, obliquely, get to a relevant point --- that perhaps the 
definition should include be revised to say "clearly branded" before 
"embedded widget" in order to make sure that the user knows what she's 
clicking on.  I believe the group had discussed something similar 
previously.  I would be fine with a discussion on what constitutes clear 
branding (I would say things like the Like, Tweet, and +1 buttons 
qualify) in an appendix.

Justin Brookman
Director, Consumer Privacy
Center for Democracy & Technology
tel 202.407.8812

On 2/27/2013 11:01 AM, Alexander Hanff wrote:
> Why is the group second guessing what consumers think?  The definition 
> of first party already exists, there is no need to redefine it in a 
> light which makes it easier for exceptions to be made for tracking 
> widgets.
> Many users will not be remotely aware that a "Like" button is actually 
> hosted by Facebook, they would assume it is hosted on the domain they 
> are visiting.  To assume otherwise is absurd and further weakens the 
> validity of this DNT process.
> Alexander Hanff
> *From:*Justin Brookman []
> *Sent:* 27 February 2013 16:52
> *To:*
> *Subject:* ISSUE-10 First party definition, ISSUE-60, ACTION-?
> Peter asked me to try to combine the three definitions of "first 
> party" in the current text in consultation with Heather.  The existing 
> definitions are all very close, and I don't think there are major 
> substantive disagreements here. Anyway, here is my best effort 
> (Heather provided feedback, but she's not around this morning, so I 
> don't know if she blesses this):
> *In a specific network interaction, if a party can reasonably conclude 
> with high probability that the user intends to communicate with it, 
> that party is a <dfn>first party</dfn>.  In most cases on a 
> traditional web browser, the first party will be the party that owns 
> and operates the domain visible in the address bar.  A first party 
> also includes a party that owns and operates an embedded widget, 
> search box, or similar service with which a user intentionally 
> interacts.  If a user merely mouses over, closes, or mutes such 
> content, that is not sufficient interaction to render the party a 
> first party.*
> Rob Sherman is separately working on text regarding multiple first 
> parties.
> Chris Pedigo and Vinay Goel are separately working on text regarding 
> data processors that stand in the shoes of their controllers, party-wise.
> -- 
> Justin Brookman
> Director, Consumer Privacy
> Center for Democracy & Technology
> tel 202.407.8812
>  <>
> @JustinBrookman
> @CenDemTech

Received on Wednesday, 27 February 2013 16:34:57 UTC