Re: June Change proposal: definition of first party (Issue-10) from Thomas Roessler on 2013-06-30 (public-tracking@w3.org from June 2013)

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 1 Jul 2013 00:22:12 +0200
To: Justin Brookman <jbrookman@cdt.org>
Cc: "Lee Tien" <tien@eff.org>, "Nicholas Doty" <npdoty@w3.org>, "public-tracking@w3.org public-tracking@w3.org" <public-tracking@w3.org>
Message-Id: <75363EA6-42B6-42F5-B507-44FC6B716E7C@w3.org>
Noted:
	http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Party_Definitions

Thanks,

Thomas Roessler, W3C <tlr@w3.org> (@roessler)




On 2013-06-26, at 13:49 +0200, Justin Brookman <jbrookman@cdt.org> wrote:

> We originally were proponents of the idea that non-commonly branded affiliates should not be considered the same party.  However, we agreed to compromise on the definition of "party" and that language has been stable for months (if not years).  I do not believe it is productive to revisit the point at this stage.  I recommend NO CHANGE.
> 
> (And no, for those of you who are worried, I do not intend to annotate every single CHANGE request that comes in . . .)
> From: Lee Tien [mailto:tien@eff.org]
> To: Nicholas Doty [mailto:npdoty@w3.org]
> Cc: public-tracking@w3.org public-tracking@w3.org [mailto:public-tracking@w3.org]
> Sent: Wed, 26 Jun 2013 05:03:56 -0500
> Subject: Re: June Change proposal: definition of first party (Issue-10)
> 
> Nick, the intent behind the change is that affiliates would not be the same party. 
> 
> Lee
> 
> Sent from my iPhone
> 
> On Jun 25, 2013, at 11:55 PM, Nicholas Doty <npdoty@w3.org> wrote:
> 
> > Hi Lee,
> > 
> > I've moved ISSUE-10 to the Compliance June product; I believe that existing issue closely tracks the topic of this change. That issue is currently open, although I think we intended to move it to Pending Review Stable (post an action for additional review from Jeff Chester), to reflect the apparent stability around "intentional interaction".
> > 
> > I've set up a wiki page for this proposal:http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Party_Definitions
> > The wiki page also has the text from the editors' draft, for comparison.
> > 
> > I've chosen a generic title to cover the three definitions you propose (on party, first party and third party), but it may be that your concern is particularly around the first party definition. In particular, "Otherwise, a party is a third party" seems to fairly closely match the editors' draft "A third party is any party other than a first party, service provider, or the user." 
> > 
> > Finally, is your intention in proposing to remove the details of affiliate requirements and easy discoverability a suggestion that we should not allow affiliates to qualify as the same party or a proposal that we simply not detail the requirements around affiliates?
> > 
> > Thanks,
> > Nick
> > 
> > On Jun 25, 2013, at 7:03 PM, Lee Tien <tien@eff.org> wrote:
> > 
> >> This proposed language is directly from the EFF/Stanford/Mozilla proposal:
> >> 
> >> "A first party is any party, in a specific network interaction, that can infer with high probability that the user knowingly and intentionally communicated with it. Otherwise, a party is a third party.
> >> 
> >> A third party is any party, in a specific network interaction, that cannot infer with high probability that the user knowingly and intentionally communicated with it."
> >> 
> >> * * *
> >> 
> >> As a corollary, I question whether the definition of party remains consensus. 
> >> 
> >> "A party is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person. For unique corporate entities to qualify as a common party with respect to this document, those entities must be commonly owned and commonly controlled and must provide easy discoverability of affiliate organizations. An list of affiliates must be provided within one click from each page or the entity owner clearly identified within one click from each page."
> >> 
> >> I propose we keep only the first sentence. 
> >> 
> >> "A party is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person."
> >> 
> >> This BTW links up with the language on multiple first parties:
> >> 
> >> 3.5.1 Multiple First Parties
> >> 
> >> In most network interactions, there will be only one first party with which the user intends to interact. However, in some cases, a network resource will be jointly operated by two or more parties, and a user would reasonably expect to communicate with all of them by accessing that resource. User understanding that multiple parties operate a particular resource could be accomplished through inclusion of multiple parties' brands in a domain name, or prominent branding on the resource indicating that multiple parties are responsible for content or functionality on the resource with which a user reasonably would expect to interact by accessing the resource. Simple branding of a party, without more, will not be sufficient to make that party a first party in any particular network interaction.
> >> 
> >> Comment: Speaking only for myself, I was uncomfortable with the inclusion of affiliates within the party definition, but could have accepted it as part of our compromise proposal (which sad to say didn't get traction). The text on multiple first parties is even more expansive, but might be tolerable if party and first party are appropriately scoped per the above. 
> >> 
> >> -- 
> >> Lee Tien
> >> Senior Staff Attorney
> >> Electronic Frontier Foundation
> >> 815 Eddy Street
> >> San Francisco, CA 94109
> >> (415) 436-9333 x 102 (tel)
> >> (415) 436-9993 (fax)
> >> tien@eff.org
> >
Received on Sunday, 30 June 2013 22:22:18 UTC