Re: DNT:1 and "data append"

I remain somewhat puzzled by this discussion. Let's see if I can explain my puzzlement, and maybe the answers will help shed light.

DNT is an expression about privacy in an online transaction (between a user and their user-agent, and a server, over HTTP or similar protocols).

The compliance document basically discusses a few areas about 'personally derived or attributable' data derived from these transactions:
* retention; can the server hold on to it
* use; once retained, what can it be used for (notably, when claiming a permission)
* sharing; can the data be shared (both under the permissions, and to a limited extent on first parties sharing with third)

It seems to me that *other* data about individuals, unless it is derived from this data, is off the table for the DNT discussion. I have little doubt that there could be privacy implications of collecting or using this other data, but it's not data in the DNT scope, I think.

Examples include:
* from the person's identity, looking up other data about them that is public
* from the user-agent and protocol information, making deductions (e.g. converting IP address into location and time-of-day)
* from this transaction record and other records held, working out who this might be, or relationships (e.g. it's usually Dave who uses this device, and other people and their devices use this same IP address, which we know is in this ISP's domestic service block, so they probably live together)
* gathering data from others who have information that correlates (by user-agent, IP address, person, etc.) and adding that in

So, my puzzlement: who (a first or third party in an HTTP or similar transaction, to be in our scope) is appending what data that is derived from an HTTP or similar transaction, to what data-set?

I'm looking for not only a privacy problem, but one that involves end-points and data that are participants in a DNT-aware transaction…

Dan's given a concrete example:

On Mar 19, 2013, at 15:46 , Dan Auerbach <dan@eff.org> wrote:

> Thanks for sending out the text, John. I think it would be conceptually clean if the "data append" discussion were to also cover linking of data received as a first party with data received as a third party.
> 
> Here's a concrete example. ExampleSocial has widgets embedded on other sites all over the web. A user who is signed into ExampleSocial may ordinarily get a personalized experience when browsing ("omg, here are your friends who also love justinbiebertotallyrules.com"). For DNT:1 users with no site exception for ExampleSocial, we must ensure that ExampleSocial cannot link the data it has received as a third-party with first party data. In other words, even if ExampleSocial receives a session cookie (or tracking cookie), is it NOT allowed to use that cookie to retrieve personal information in order to display a personalized widget on justinbiebertotallyrules.com, or in any way link any information from the request it receives on the third party site with first-party data. If we forbid ExampleSocial this linking, we of course will have forbidden data append in this instance.
> 
> Dan
> 
> PS Miraculously, justinbiebertotallyrules.com doesn't appear to be a registered domain. Yet.

I think that when examplesocial.org appears as a third-party and receives DNT:1 (because the user has set it and examplesocial does not have a web-wide exception, or site-specific exception on this site, from this user), it cannot track the user; meaning, no "data append" of data concerning this transaction to their record.

I'd have to read the spec carefully to see whether the site can still *use* the data it has in hand, e.g. to identify you in real-time; my recollection is that it can, though I would suggest that providing a real-time personalized experience to someone who has asked not to be tracked may be … imprudent.
David Singer
Multimedia and Software Standards, Apple Inc.
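The ExampleSocial scenario in Dan's mail, as an added example written for this archive page rather than code from the working group or any real ExampleSocial product: a widget server's decision on whether a request may be joined to the account behind the session cookie. The ExceptionStore, the Referer-based first/third-party test and the session cookie name are assumptions; the Tk response header values come from the TPE draft, which the thread itself does not discuss.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class ExceptionStore:
    """Hypothetical record of DNT exceptions granted by users (an assumption)."""
    web_wide: set = field(default_factory=set)          # user ids with a web-wide exception
    site_specific: dict = field(default_factory=dict)   # user id -> {first-party domains}

    def has_exception(self, user_id, first_party):
        return (user_id in self.web_wide
                or first_party in self.site_specific.get(user_id, set()))


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); production code should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def decide(widget_host, headers, cookies, store):
    """Return (may_link, tk) for one request to the widget server.

    may_link: whether the request may be joined to the account behind the session
              cookie (the cookie still arrives; the question is whether it may be used).
    tk:       value for the Tk response header in third-party context
              (N = not tracking, C = consent, T = tracking); None in first-party context.
    """
    referer_host = urlsplit(headers.get("Referer", "")).hostname
    # Without a Referer we cannot show first-party context, so assume third party.
    third_party = (referer_host is None or
                   registrable_domain(referer_host) != registrable_domain(widget_host))
    user_id = cookies.get("session")
    if not third_party:
        return (user_id is not None, None)   # first-party rules are not this example's subject
    if headers.get("DNT", "").strip() == "1":
        first_party = registrable_domain(referer_host) if referer_host else None
        if user_id is not None and store.has_exception(user_id, first_party):
            return (True, "C")               # user granted an exception for this site
        return (False, "N")                  # DNT:1 and no exception: no data append
    return (user_id is not None, "T")        # no preference expressed; linking is permitted
```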

Received on Thursday, 21 March 2013 19:16:55 UTC