- From: Shane M Wiley <wileys@yahoo-inc.com>
- Date: Fri, 1 Nov 2013 14:42:58 +0000
- To: Vinay Goel <vigoel@adobe.com>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>, Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <DCCF036E573F0142BD90964789F720E3141E1A93@GQ1-MB01-02.y.corp.yahoo.com>
Vinay, This is definitely the right direction but, as I noted earlier, there doesn't appear to be any difference between 'collect' and 'retain' in this framework so why have two definitions of the same thing? - Shane From: Vinay Goel [mailto:vigoel@adobe.com] Sent: Friday, November 01, 2013 7:38 AM To: Dobbs, Brooks; Walter van Holst; public-tracking@w3.org Subject: Re: Consolidated Proposal for Definition of Collect Hi all, I think more of us are converging on the idea that share is the wrong work for facilitate/induce. To start the ball rolling, how do these definitions look: * A party collects data received in a network interaction if it retains that data after the network interaction is complete. <from Roy's suggested tweaks to the compromise change proposal, but removed the sharing aspect> * A party retains data if the data remains within the party's control after the network interaction during which it was collected is complete. <from Lee's change proposal> * A party uses data if the party processes the data for any purpose other than storage or merely forwarding it to another party. <from editor's draft> * A party shares data if it transfers or provides a copy of data that it has collected to any other party. <from Amy's change proposal; takes out the facilitating aspect> * A party facilitates tracking within a network interaction if it enables any other party to collect data itself. <just created this> Thoughts? -Vinay On 11/1/13, 10:26 AM, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com<mailto:Brooks.Dobbs@kbmg.com>> wrote: Walter, I agree these are compliance issues but they seem to now be tied to definitions we've moved to the new 3.5, "TePliance" doc. To be clear, I am not trying to completely remove a first party's responsibility for what they induce, facilitate or whatever the word, but "share" (and relatedly collect) are the wrong words! You could have a hypothetical site which has no forms and all logging turned off and no 3rd party service providers (in my mind zero collection) meet a definition of collecting simply by including social media icons. We may or may not have strong agreement on facilitator responsibilities, but I do hear a common refrain that we must bring more definitions into a TPE if that TPE is meant to apply to a single compliance doc. IMHO for either a poll 3 or 4 approach to work the TPE must be written in such a way that it can stand on its own. Right now it appears we are struggling with the 2 potential ways of achieving this: 1) piecemeal moving a compliance doc into the TPE, TePliance - which in fairness is NOT option 3.5 but rather a renamed option 1, or 2) writing the TPE in a way that it doesn't assume anything from the compliance doc but is written generally to allow for multiple compliance standards, including one which may come from this group. -Brooks -- Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com> This email including attachments may contain confidential information. If you are not the intended recipient, do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message. On 11/1/13 6:09 AM, "Walter van Holst" <walter.van.holst@xs4all.nl<mailto:walter.van.holst@xs4all.nl>> wrote: On 01/11/2013 11:02, David Singer wrote: OK, maybe a concrete question. If I (a first party) write a page that pulls in a third-party resource, this causes clients who visit my page also to contact that third party. Lee is saying that that constitutes "sharing" by the first party, even though the transaction from client to third party never came actually "through" the first party. It's sort of an inducement, or the like. Do we need to define this? Is it really 'share', and an inducement to share? Anyway, the first party will not re-write pages for DNT users, I doubt. It reeks more of induced collection than of sharing. For all intents and purposes, the third party does not receive the data through the first party, but directly from the UA. It is more a matter for a compliance spec to attach consequences to this than for the TPE. Regards, Walter
Received on Friday, 1 November 2013 14:43:40 UTC