Re: June Change Proposal, third party compliance from David Singer on 2013-06-24 (public-tracking@w3.org from June 2013)

From: David Singer <singer@apple.com>
Date: Mon, 24 Jun 2013 08:28:17 -0700
To: Nicholas Doty <npdoty@w3.org>
Cc: "public-tracking@w3.org Mailing List" <public-tracking@w3.org>
Message-id: <9258CB66-CAC1-470D-B9D6-C93E3D306A32@apple.com>

On Jun 24, 2013, at 1:15 , Nicholas Doty <npdoty@w3.org> wrote:

> Hi David,
> 
> I've create ISSUE-203 to the Compliance June product; a new issue for the topic of this change.
> 
> I've set up a wiki page for this proposal: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Tracking_Third_Party_Compliance 
> 
> As a question on the substance of the proposal, I'm not sure about your distinction between exceptions and consent. Doesn't the editors' draft "explicitly-granted exceptions, provided in accordance with the requirements of this standard" cover the case of out-of-band consent?

I  think that the terminology is that exceptions are a signal sent with the transaction (DNT:0), and hence are in-band.  Out-of-band consent is consent that is derived and known/signalled through some other mechanism, out of (our) band.  So, my understanding is that the answer to your question is 'no'.

> 
> Thanks,
> Nick
> 
> On Jun 20, 2013, at 3:25 PM, David Singer <singer@apple.com> wrote:
> 
>> Problem
>> 
>> "If a third party receives a DNT: 1 signal, then:
>> 
>> 	• the third party must not collect, retain, share, or use information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard and any explicitly-granted exceptions provided in accordance with the requirements of this standard;
>> 	• the third party must not use information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard."
>> 
>> 
>> 1) We imply but nowhere say, that what third parties must do under DNT:1 is to reduce 'tracking', as defined.
>> 2) We don't allow out-of-band-consent.
>> 3) Exceptions don't need to be mentioned, as they cause DNT:0 to be sent, not DNT:1.
>> 
>> Proposal
>> 
>> Insert 'tracking' twice and remove exceptions:
>> 
>> If a third party receives a DNT: 1 signal, then, unless it has consent from the user:
>> 
>> 	• the third party must not collect, retain, share, or use tracking information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard;
>> 	• the third party must not use tracking information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard.
>> 
>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 24 June 2013 15:28:52 UTC