- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 20 Mar 2013 22:11:23 +0100
- To: Mike O'Neill <michael.oneill@baycloud.com>
- Cc: 'Jeffrey Chester' <jeff@democraticmedia.org>, 'Chris Pedigo' <CPedigo@online-publishers.org>, public-tracking@w3.org, ifette@google.com, 'David Singer' <singer@apple.com>
Mike, good point. But if they collect that identifier in a first party context, they can't share it with the third party. Thus the third party can not use that identifier to select the appropriate profile data to deliver to the first party. Because otherwise, the third party would get the information that user cookie xyz1234 is now visiting example.com. So if they share uniqueID with third parties or offline data providers under data append strategies, that would not be conformant under the current specification IMHO. I still think they are saying the same thing. It may be that some still believed that the current text would allow append. I don't think it does as it rules out necessary preparation steps for data append. --Rigo On Wednesday 20 March 2013 20:31:22 Mike O'Neill wrote: > The problem I have with the data append concept, when DNT is set, is > that a unique user identifier needs to be shared between the parties, > in order that the appended data can be connected to a specific user. > So personal data (cookie identifiers, IP addresses etc. > are considered personal data in the EU) has to be shared to make it > work, perhaps with other collected data such as the URI (passed for > example in a Referer(sic) header). If one of the parties is a data > processor for the data controller, then this could be indicated using > David's service-provider mechanism and no further exemption is > needed. Have you a specific example which does not require sharing a > UID or other personal data (and no service provider contracts are in > place)?
Received on Wednesday, 20 March 2013 21:11:54 UTC