RE: DNT:1 and "data append"

John, I continue to have many concerns about a “data append” restriction.  Below, I have addressed what I perceive to be two concerns raised by proponents of a Data Append restriction.  But, I am curious to know if you have additional concerns or comments.


1) Concern: In the process of a 1st party acquiring data, the 1st party may inadvertently share data with a third party (namely that a DNT:1 user visited the 1st party’s site).

I believe the standard already addresses this concern as 1st parties are prohibited from sharing data with a 3rd party that it could not otherwise collect for its independent use.  Indeed, many “data appends” are conducted today using a double blind approach so that the 3rd party never sees the 1st party data.  In some cases, the 3rd party may see the data, but it would be contractually prohibited from using the data for its own use.  Thus, it could qualify under the service provider provision (contract + no independent right to use data).  Regardless of today’s practices, the prohibition on 1st parties sharing data would address this concern.


2) Concern: 1st parties should be prohibited from building profiles about its users.

My concern with this kind of prohibition is that it would be completely inappropriate and out of scope for DNT.  In a world where 1st parties cannot share data and 3rd parties cannot collect data about DNT:1 users, there are only certain kinds of data sets that would remain available to be appended – publicly available data, data collected with consent, off-line data and pre-DNT data.  I think there is broad agreement that none of these data sets should be restricted by DNT.  Moreover, we have already largely exempted 1st parties from DNT, because consumers have different expectations with regard to 1st parties.  They have a direct relationship with the 1st party since they chose to visit the site and consumers have fundamental choices about the sites they can visit (or not visit).

Also, let’s take this one step further – what happens after a publisher has learned more about its audience?  Under the rules of DNT, it still cannot share data about DNT:1 users.  So, how would a publisher use this appended data set for its internal purposes?  There are a few ways it would be used – 1st party marketing, audience measurement and content personalization are the primary purposes.  IMO, none of these uses violate a user’s expectations.

In summary, I think DNT is useful because it provides a clean, easy way to express a preference with regard to 3rd party data collection.  We should remain focused on providing this basic functionality.


From: Ian Fette (イアンフェッティ) [mailto:ifette@google.com]
Sent: Tuesday, March 19, 2013 1:05 PM
To: David Singer
Cc: Working Group
Subject: Re: DNT:1 and "data append"

David,

John's text was explicitly proposing restrictions on first parties. ("A 1st Party MUST NOT...")

On Mon, Mar 18, 2013 at 6:16 PM, David Singer <singer@apple.com> wrote:

On Mar 18, 2013, at 15:52 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:


Presumably there would be some carve-outs here? E.g. if you come to my site with DNT1 and buy something with me,

then the site just became a first party (unless somehow the user can buy without knowingly interacting with the site…), and there are few rules for you...

John, can you back up a bit and remind me what the scenario is that troubles you, and then I can try to be more helpful...


I'm going to share identifiable information with FedEx so that they can deliver your product...

On Mon, Mar 18, 2013 at 3:44 PM, John Simpson <john@consumerwatchdog.org> wrote:
Colleagues,

I wanted to propose some privacy friendly text that would cover the "data append" situation when DNT:1 is sent.  I think others are working on possible language,  but I wanted to make my proposed language available for consideration and discussion.

Normative
When DNT:1 is received:

-- A 1st Party MUST NOT share identifiable data with another party.
-- A 1st Party MUST NOT combine identifiable data from another party with data it has collected while a 1st Party.


Cheers,
John

---------
John M. Simpson
Privacy Project Director
Consumer Watchdog
2701 Ocean Park Blvd., Suite 112
Santa Monica, CA, 90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org
David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 19 March 2013 19:20:32 UTC