W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

RE: DNT:1 and "data append"

From: Shane Wiley <wileys@yahoo-Inc.com>
Date: Tue, 19 Mar 2013 21:50:29 +0000
To: John Simpson <john@consumerwatchdog.org>, David Singer <singer@apple.com>
CC: "ifette@google.com" <ifette@google.com>, Working Group <public-tracking@w3.org>
Message-ID: <DCCF036E573F0142BD90964789F720E313670BD3@GQ1-EX10-MB03.y.corp.yahoo.com>
John,

While I understand your concern, I’m not sure this particular issue is solved by DNT as it occurs in the 1st party context and is focused on the receipt of information, not the distribution.  If a user has opted-out of a data broker (that states they support DNT), I would think that would halt the sharing (append) to other parties.

- Shane

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Tuesday, March 19, 2013 2:43 PM
To: David Singer
Cc: ifette@google.com; Working Group
Subject: Re: DNT:1 and "data append"

David,

As I understand it, some sites take the data they have gathered as a 1st party and append to it data that they have obtained elsewhere -- perhaps from a data broker.  I'm saying that as a user I expect to engage with a 1st party site.  I understand that the site will gather data about my visit there.  What I would not expect with DNT:1 is that the 1st party site would go elsewhere to obtain data and "append" it to the information about my visit to the site.

Does that make sense?

Best,
John


On Mar 19, 2013, at 1:55 PM, David Singer <singer@apple.com<mailto:singer@apple.com>> wrote:


Yes, I get that, but the example given of FedEx doesn't make sense to me.  DNT is about the communication between users (and their user-agents) and sites/servers.  Unless FedEx were *also* a 3rd party on the 1st party site, then what the first communicates to them (or anyone else, including posterity in their memoirs) is a concern for the privacy policy, not DNT.

'Data append' doesn't give me enough … um … data … about who wants to append what data to what other data.

Is this about the data a 1st party site sees, and appending to previously collected data as a 1st party?  (If DNT:1 is set, then there isn't any previous 3rd party data).  If so, I can't see any reason for a set of rules, or a set that would work.

Is this about data a 3rd party site sees, and it has data collected as a 1st party?  The rules are fairly clear, I think, on that also.

Is this about data that the 1st party sees, and passes to a 3rd party for them to add?  The rules seem clear on both the passing and the retention there, also.

Someone clue me in what the question/scenario is?

On Mar 19, 2013, at 10:04 , Ian Fette (イアンフェッティ) <ifette@google.com<mailto:ifette@google.com>> wrote:


David,

John's text was explicitly proposing restrictions on first parties. ("A 1st Party MUST NOT...")

On Mon, Mar 18, 2013 at 6:16 PM, David Singer <singer@apple.com<mailto:singer@apple.com>> wrote:

On Mar 18, 2013, at 15:52 , Ian Fette (イアンフェッティ) <ifette@google.com<mailto:ifette@google.com>> wrote:


Presumably there would be some carve-outs here? E.g. if you come to my site with DNT1 and buy something with me,

then the site just became a first party (unless somehow the user can buy without knowingly interacting with the site…), and there are few rules for you...

John, can you back up a bit and remind me what the scenario is that troubles you, and then I can try to be more helpful...


I'm going to share identifiable information with FedEx so that they can deliver your product...

On Mon, Mar 18, 2013 at 3:44 PM, John Simpson <john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>> wrote:
Colleagues,

I wanted to propose some privacy friendly text that would cover the "data append" situation when DNT:1 is sent.  I think others are working on possible language,  but I wanted to make my proposed language available for consideration and discussion.

Normative
When DNT:1 is received:

-- A 1st Party MUST NOT share share identifiable data with another party.
-- A 1st Party MUST NOT combine identifiable data from another party with data it has collected while a 1st Party.


Cheers,
John

---------
John M. Simpson
Privacy Project Director
Consumer Watchdog
2701 Ocean Park Blvd., Suite 112
Santa Monica, CA, 90405
Tel: 310-392-7041<tel:310-392-7041>
Cell: 310-292-1902<tel:310-292-1902>
www.ConsumerWatchdog.org<http://www.consumerwatchdog.org/>
john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>









David Singer
Multimedia and Software Standards, Apple Inc.



David Singer
Multimedia and Software Standards, Apple Inc.


Received on Tuesday, 19 March 2013 21:51:16 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC