- From: John Simpson <john@consumerwatchdog.org>
- Date: Tue, 19 Mar 2013 14:42:37 -0700
- To: David Singer <singer@apple.com>
- Cc: ifette@google.com, Working Group <public-tracking@w3.org>
- Message-Id: <F34CACD3-CBD3-4638-8635-0EE555B2B453@consumerwatchdog.org>
David,
As I understand it, some sites take the data they have gathered as a 1st party and append to it data that they have obtained elsewhere -- perhaps from a data broker. I'm saying that as a user I expect to engage with a 1st party site. I understand that the site will gather data about my visit there. What I would not expect with DNT:1 is that the 1st party site would go elsewhere to obtain data and "append" it to the information about my visit to the site.
Does that make sense?
Best,
John
On Mar 19, 2013, at 1:55 PM, David Singer <singer@apple.com> wrote:
> Yes, I get that, but the example given of FedEx doesn't make sense to me. DNT is about the communication between users (and their user-agents) and sites/servers. Unless FedEx were *also* a 3rd party on the 1st party site, then what the first communicates to them (or anyone else, including posterity in their memoirs) is a concern for the privacy policy, not DNT.
>
> 'Data append' doesn't give me enough … um … data … about who wants to append what data to what other data.
>
> Is this about the data a 1st party site sees, and appending to previously collected data as a 1st party? (If DNT:1 is set, then there isn't any previous 3rd party data). If so, I can't see any reason for a set of rules, or a set that would work.
>
> Is this about data a 3rd party site sees, and it has data collected as a 1st party? The rules are fairly clear, I think, on that also.
>
> Is this about data that the 1st party sees, and passes to a 3rd party for them to add? The rules seem clear on both the passing and the retention there, also.
>
> Someone clue me in what the question/scenario is?
>
> On Mar 19, 2013, at 10:04 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:
>
>> David,
>>
>> John's text was explicitly proposing restrictions on first parties. ("A 1st Party MUST NOT...")
>>
>>
>> On Mon, Mar 18, 2013 at 6:16 PM, David Singer <singer@apple.com> wrote:
>>
>> On Mar 18, 2013, at 15:52 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:
>>
>>> Presumably there would be some carve-outs here? E.g. if you come to my site with DNT1 and buy something with me,
>>
>> then the site just became a first party (unless somehow the user can buy without knowingly interacting with the site…), and there are few rules for you...
>>
>> John, can you back up a bit and remind me what the scenario is that troubles you, and then I can try to be more helpful...
>>
>>> I'm going to share identifiable information with FedEx so that they can deliver your product...
>>>
>>>
>>> On Mon, Mar 18, 2013 at 3:44 PM, John Simpson <john@consumerwatchdog.org> wrote:
>>> Colleagues,
>>>
>>> I wanted to propose some privacy friendly text that would cover the "data append" situation when DNT:1 is sent. I think others are working on possible language, but I wanted to make my proposed language available for consideration and discussion.
>>>
>>> Normative
>>> When DNT:1 is received:
>>>
>>> -- A 1st Party MUST NOT share share identifiable data with another party.
>>> -- A 1st Party MUST NOT combine identifiable data from another party with data it has collected while a 1st Party.
>>>
>>>
>>> Cheers,
>>> John
>>>
>>> ---------
>>> John M. Simpson
>>> Privacy Project Director
>>> Consumer Watchdog
>>> 2701 Ocean Park Blvd., Suite 112
>>> Santa Monica, CA, 90405
>>> Tel: 310-392-7041
>>> Cell: 310-292-1902
>>> www.ConsumerWatchdog.org
>>> john@consumerwatchdog.org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>>
>>
>
> David Singer
> Multimedia and Software Standards, Apple Inc.
>
Received on Tuesday, 19 March 2013 21:43:07 UTC