Re: RE: DNT:1 and "data append"

Mike, 

good point. But if they collect that identifier in a first party 
context, they can't share it with the third party. Thus the third party 
can not use that identifier to select the appropriate profile data to 
deliver to the first party. Because otherwise, the third party would get 
the information that user cookie xyz1234 is now visiting example.com. 

So if they share uniqueID with third parties or offline data providers 
under data append strategies, that would not be conformant under the 
current specification IMHO. 

I still think they are saying the same thing. It may be that some still 
believed that the current text would allow append. I don't think it does 
as it rules out necessary preparation steps for data append. 

 --Rigo

On Wednesday 20 March 2013 20:31:22 Mike O'Neill wrote:
> The problem I have with the data append concept, when DNT is set, is
> that a unique user identifier needs to be shared between the parties,
> in order that the appended data can be connected to a specific user.
> So personal data (cookie identifiers, IP addresses etc.
> are  considered personal data in the EU) has to be shared to make it
> work, perhaps with other collected data such as the URI (passed for
> example in a Referer(sic) header). If one of the parties is a data
> processor for the data controller, then this could be indicated using
> David's service-provider mechanism and no further exemption is
> needed. Have you a specific example which does not require sharing a
> UID or other personal data (and no service provider contracts are in
> place)?

Received on Wednesday, 20 March 2013 21:11:54 UTC