Re: service provider definition/context Re: June Draft of the DNT compliance spec

Hi Nick,

Thanks for the suggestion!  If I remember correctly, Chris Pedigo and I initially tried that but was told that this wouldn't work for many service providers because many service providers take all of the data in and then sort the data per client (and do other processing on behalf of the client) after the specific interaction is complete.

I believe Roy raised this in IRC.  Roy -- did I capture that correctly?

-Vinay

On Jun 24, 2013, at 1:38 AM, Nicholas Doty <npdoty@w3.org<mailto:npdoty@w3.org>> wrote:

Hi Vinay,

Perhaps we could take the same approach as with the other party definitions, which is to define them within the context of a specific interaction. That is, could we start the definition with the same clause that starts the first-party definition:
   "In the context of a specific network interaction,"

óNick

On Jun 10, 2013, at 9:03 AM, Vinay Goel <vigoel@adobe.com<mailto:vigoel@adobe.com>> wrote:

Hi Peter and staff,

Thanks for all of the time/effort you guys have put into this.  Quick question on the definition of Service Provider.  What is your/the group's opinion on deleting the word only in (1) below?  My concern over the word only is that the service provider acts on behalf of many clients, not just one.  And, the service provider may in fact be a data controller (collecting/using data for its own purposes) on its own sites for its own marketing programs.  I know I'm being picky here, but to me, the word 'only' suggests that the service provider can act on behalf of one company only.  As a suggested change, would you/the group be okay with '(1) is acting as a data processor on behalf of the client;'?  I'm open to other suggested changes as well that makes it clear that a service provider may have other operations (and yes, I realize that when the company is not operating as a data processor on behalf of the client, then it takes on its own set of rules and cannot rely on the rules placed upon the client).

Copied definition:
"An outsourced service provider is considered to be the same party as its client if the
service provider:
1. acts only as a data processor on behalf of the client;
2. ensures that the data can only be accessed and used as directed by that client;
3. has no independent right to use or share the data except as necessary to ensure
the integrity, security, and correct operation of the service being provided; and
4. has a contract in place that outlines and mandates these requirements."

-Vinay

Received on Monday, 24 June 2013 15:30:52 UTC