W3C home > Mailing lists > Public > public-tracking@w3.org > November 2013

Re: Consolidated Proposal for Definition of Collect

From: Dobbs, Brooks <Brooks.Dobbs@kbmg.com>
Date: Fri, 1 Nov 2013 14:26:48 +0000
To: Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <CE9927DB.10D5B1%brooks.dobbs@kbmg.com>
Walter,

I agree these are compliance issues but they seem to now be tied to
definitions we've moved to the new 3.5, "TePliance" doc.

To be clear, I am not trying to completely remove a first party's
responsibility for what they induce, facilitate or whatever the word, but
"share" (and relatedly collect) are the wrong words!  You could have a
hypothetical site which has no forms and all logging turned off and no 3rd
party service providers (in my mind zero collection) meet a definition of
collecting simply by including social media icons.

We may or may not have strong agreement on facilitator responsibilities,
but I do hear a common refrain that we must bring more definitions into a
TPE if that TPE is meant to apply to a single compliance doc.  IMHO for
either a poll 3 or 4 approach to work the TPE must be written in such a
way that it can stand on its own.  Right now it appears we are struggling
with the 2 potential ways of achieving this:
1) piecemeal moving a compliance doc into the TPE, TePliance - which in
fairness is NOT option 3.5 but rather a renamed option 1, or
2) writing the TPE in a way that it doesn't assume anything from the
compliance doc but is written generally to allow for multiple compliance
standards, including one which may come from this group.



-Brooks


-- 

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
brooks.dobbs@kbmg.com



This email  including attachments  may contain confidential information.
If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message.



On 11/1/13 6:09 AM, "Walter van Holst" <walter.van.holst@xs4all.nl> wrote:

>On 01/11/2013 11:02, David Singer wrote:
>> OK, maybe a concrete question.  If I (a first party) write a page
>> that pulls in a third-party resource, this causes clients who visit
>> my page also to contact that third party.  Lee is saying that that
>> constitutes "sharing" by the first party, even though the transaction
>> from client to third party never came actually "through" the first
>> party.  It's sort of an inducement, or the like.
>> 
>> Do we need to define this?  Is it really 'share', and an inducement
>> to share?  Anyway, the first party will not re-write pages for DNT
>> users, I doubt.
>
>It reeks more of induced collection than of sharing. For all intents and
>purposes, the third party does not receive the data through the first
>party, but directly from the UA.
>
>It is more a matter for a compliance spec to attach consequences to this
>than for the TPE.
>
>Regards,
>
> Walter
>
>
Received on Friday, 1 November 2013 14:26:27 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:20 UTC