W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

Re: DNT:1 and "data append"

From: John Simpson <john@consumerwatchdog.org>
Date: Wed, 27 Mar 2013 12:27:56 -0700
Cc: Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <A3F70DCC-1A09-430A-B158-335C1FD98553@consumerwatchdog.org>
To: Alan Chapell <achapell@chapellassociates.com>
Alan,

I completely agree with your analysis and believe language I suggested makes that clear.  I understand others are working on data append text and hope my text could be merged with that.  Again, here is my proposed text:

Normative:

When DNT:1 is received:
-- A 1st Party MUST NOT share share identifiable data with another party unless the data was provided voluntarily by the user and is necessary to complete a business transaction with the user.
-- A 1st Party MUST NOT combine identifiable data from another party with data it has collected while a 1st Party.

Cheers,
John

On Mar 27, 2013, at 7:20 AM, Alan Chapell <achapell@chapellassociates.com> wrote:

> Yes, the DNT HTTP header is an expression about an online transaction.
> When DNT is enacted, an online transaction can't be tailored by a profile.
> Whether that profile was derived from 1) a URL string across multiple
> website visits or 2) an offline database should not matter. A User seeking
> not to be tracked while online is unlikely to be able to make such
> distinctions - and neither should we.
> 
> 
> 
> 
> On 3/27/13 1:26 AM, "Nicholas Doty" <npdoty@w3.org> wrote:
> 
>> On Mar 25, 2013, at 12:34 PM, Alan Chapell
>> <achapell@chapellassociates.com> wrote:
>> 
>>> Thanks David. Perhaps this will help clarify where some of the confusion
>>> lay. In any event, I look forward to discussing further on Wednesday.
>>> 
>>> On 3/21/13 3:16 PM, "David Singer" <singer@apple.com> wrote:
>>> 
>>>> I remain somewhat puzzled by this discussion.  Let's see if I can
>>>> explain
>>>> my puzzlement, and maybe the answers will help shed light.
>>>> 
>>>> DNT is an expression about privacy in an online transaction (between a
>>>> user and their user-agent, and a server, over HTTP or similar
>>>> protocols).
>>> 
>>> I recognize that this is the position of some in the group.
>> 
>> Is there disagreement on this part of David's summary? The DNT HTTP
>> header is quite directly an expression about a particular online
>> transaction. The group agreed very early on to make the expression apply
>> to that particular request (which an HTTP header is well-suited for) and
>> not to imply, for example, retroactive deletion.
>> 
>>> It's worth
>>> noting that this is not how DNT is described in the charter. The charter
>>> describes DNT as a "preference expression mechanism ("Do Not Track") and
>>> technologies for selectively allowing or blocking tracking elements."
>>> 
>>> I note that we have chosen not to define tracking or "tracking elements"
>>> in this working group, which may be a reason for some of the confusion.
>> 
>> To provide some context, the text in the charter "selectively allowing or
>> blocking tracking elements" referred to formats for determining white and
>> black listing for blocking purposes; we did some early work on the
>> Tracking Selection Lists specification, working from a submission from
>> Microsoft. The group has subsequently decided to stop work on those
>> deliverables, with the preference for not working on formats that would
>> enable blocking.
>> 
>> While "Do Not Track" in the press or in the terms of some companies has
>> been used to refer to almost any privacy or blocking measure, we have
>> used it here (and the charter follows this convention) to refer to the
>> preference expression mechanism -- where you express the preference "Do
>> Not Track" -- and not to blocking mechanisms, even though lists for
>> selectively blocking HTTP requests were also in scope of the Tracking
>> Protection Working Group.
>> 
>> Hope this provides some clarity,
>> Nick
>> 
> 
> 
Received on Wednesday, 27 March 2013 19:28:29 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC