Re: RE: DNT:1 and "data append" from Rigo Wenning on 2013-03-20 (public-tracking@w3.org from March 2013)

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 20 Mar 2013 16:53:55 +0100
To: public-tracking@w3.org
Cc: Chris Pedigo <CPedigo@online-publishers.org>, "ifette@google.com" <ifette@google.com>, David Singer <singer@apple.com>
Message-ID: <16236696.gZGRNVLnxy@hegel.sophia.w3.org>

Hi all, 

I see a lot of agreement here. 

John says we need explicit limits on 1st parties. 

Dan Auerbach and Chris Pedigo explain that a first party can collect 
data for the service and their own profile, but can not share and not 
merge data from the first and third party context they are in. This 
would achieve the same. But it is not ultimately comprehensive. 
Spec says: 

The first party must not pass information about this transaction to non-
service provider third parties who could not collect the data themselves 
under this standard.

Remains to find the exact mismatch and concerns: 

1/ Industry wants to personalize, sell, deliver in a first party 
context. If we only want to restrict first party tracking, we have to 
define tracking as Roy suggests. All other collection would be 
permitted, also in a third party context. hmmmmmm.... That would change 
the content of DNT:1 for first and third parties. I would rather not go 
there and leave as is. 

2/ John is concerned that third party tracking hindrance is not 
sufficient as the first party will just combine pre-existing data from 
third parties with its own tracking. This is a valid concern. Because we 
have only the rule that a first party can not share. We do not have the 
rule that shareable data may not be used in a DNT:1 context by the first 
party. This is a loophole. I think this is a valid concern that merits 
discussion. Would this be common practice?

3/ John is concerned that first parties collect too much data. Valid 
concern, but not object of this effort say all others. The Berlin-
discussion has shown that especially friendly first parties, even in 
unregulated environments, could decide in case of DNT:1 to only do 
permitted uses even though they are a first party. Question is then how 
to signal that. For the moment, there is no means, thus a missed 
opportunity IMHO. 

 --Rigo

On Tuesday 19 March 2013 19:19:59 Chris Pedigo wrote:
> John, I continue to have many concerns about a “data append”
> restriction.  Below, I have addressed what I perceive to be two
> concerns raised by proponents of a Data Append restriction.  But, I
> am curious to know if you have additional concerns or comments.

Received on Wednesday, 20 March 2013 15:54:27 UTC