
Re: DNT:1 and "data append"

From: Nicholas Doty <npdoty@w3.org>
Date: Tue, 26 Mar 2013 22:06:36 -0700
Cc: Mike O'Neill <michael.oneill@baycloud.com>, 'Jeffrey Chester' <jeff@democraticmedia.org>, 'Chris Pedigo' <CPedigo@online-publishers.org>, public-tracking@w3.org, ifette@google.com, 'David Singer' <singer@apple.com>
Message-Id: <B914718E-6309-4143-BD5C-4C9CB9867719@w3.org>
To: Rigo Wenning <rigo@w3.org>

On Mar 20, 2013, at 2:11 PM, Rigo Wenning <rigo@w3.org> wrote:

> Mike, 
> good point. But if they collect that identifier in a first party 
> context, they can't share it with the third party. Thus the third party 
> can not use that identifier to select the appropriate profile data to 
> deliver to the first party. Because otherwise, the third party would get 
> the information that user cookie xyz1234 is now visiting example.com. 
> So if they share uniqueID with third parties or offline data providers 
> under data append strategies, that would not be conformant under the 
> current specification IMHO. 
> I still think they are saying the same thing. It may be that some still 
> believed that the current text would allow append. I don't think it does 
> as it rules out necessary preparation steps for data append. 

I believe this requires some assumptions (including assumptions that may be empirically incorrect) about how data append is accomplished.

As Chris has pointed out earlier on this thread and during past calls, it is possible (using cryptographic techniques, or as Chris put it, "double blind") for matching of records to be done without revealing your list of identifiers to the other party. Or, a party might have obtained a full data set from a third party which already includes the identifiers -- then the first party matches the identifier against the data set to learn more about the user (their address, their shopping habits, etc.) to personalize the first-party content.

Second, Chris has proposed the possibility that the additional data provider could act as a service provider to the first party -- in that situation, the first party shares the identifiers in the clear (rather than through the cryptographic protocol) with the service provider, who is bound by contract not to re-share them or use them independently. The service provider uses that list of identifiers to look up matching records in their data set and return data about the user (shopping habits, change of address info, etc.) to the first party.

Hope this helps,
Received on Wednesday, 27 March 2013 05:06:46 UTC
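
The "double blind" matching mentioned in the message above can be done with commutative blinding (Diffie-Hellman-style private set intersection). The following is an added example, not code from the thread or from any participant; the thread does not say which technique was meant, and the `Party` class, `first_party_matches` and the sample addresses are hypothetical.

```python
import hashlib
import secrets

# 1024-bit safe prime, RFC 2409 Oakley Group 2 (demo size; stdlib only).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2  # order of the subgroup of squares mod P


def hash_to_group(identifier: str) -> int:
    """Normalise, hash, and square so the result lies in the order-Q subgroup."""
    digest = hashlib.sha512(identifier.strip().lower().encode()).digest()
    return pow(int.from_bytes(digest, "big") % P, 2, P)


class Party:
    """One side of the match; the private exponent never leaves the object."""

    def __init__(self, identifiers):
        self.identifiers = list(identifiers)
        self._key = secrets.randbelow(Q - 1) + 1

    def blind_own(self):
        """Own identifiers, hashed and raised to the private exponent."""
        return [pow(hash_to_group(i), self._key, P) for i in self.identifiers]

    def blind_again(self, blinded):
        """Apply the private exponent to values the peer already blinded."""
        return [pow(v, self._key, P) for v in blinded]


def first_party_matches(first_party, provider):
    """Return the first party's identifiers that the provider also holds."""
    # first party -> provider: H(x)^a; provider replies H(x)^(ab), same order
    own_double = provider.blind_again(first_party.blind_own())
    # provider -> first party: H(y)^b, shuffled; first party computes H(y)^(ba)
    theirs = provider.blind_own()
    secrets.SystemRandom().shuffle(theirs)
    theirs_double = set(first_party.blind_again(theirs))
    return [i for i, v in zip(first_party.identifiers, own_double) if v in theirs_double]


# Constructed sample identifiers, not taken from the thread.
site = Party(["alice@example.com", "bob@example.com", "carol@example.com"])
vendor = Party(["bob@example.com", "dave@example.org", "Carol@Example.com "])
```

In this exchange each side sees only blinded values and the size of the other's list; the first party learns which of its own identifiers matched, and the provider learns nothing about which ones did.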
