W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

Re: New Change Proposal: New text for First Party Compliance (Issue-170)

From: Lee Tien <tien@eff.org>
Date: Tue, 1 Oct 2013 08:29:13 -0700
Cc: Walter van Holst <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>
Message-Id: <99E20A41-B561-4863-B1CC-7EF3DFA47D9D@eff.org>
To: David Wainberg <dwainberg@appnexus.com>
Hi David,

This is how I think advocates see it -- feel free to correct me if I've misunderstood or erred.

Assumption:  If a third party could practically or feasibly collect such data itself from the user under a permitted use, then it would (and doesn't need this new text).

Inference:  It seems (here is where my logic may be faulty) that this change only matters when the third party can't practically or feasibly collect the data itself, but the first party can.

Conclusion:  First parties could send data to third parties that the third parties otherwise wouldn't have, whether for technical or economic reasons.

That's not good from a privacy advocate's perspective, because we want to minimize unconsented data flow, period.  Even if we "agree" to a permitted use (which may be a matter of politics and not what we view as good policy), we may still think of it as a loophole because it departs from what we view as the correct DNT norm (don't collect without consent).  

Put another way, the fact that third parties would still be bound by rules is secondary to the primary point:  they'd have the data.    

Lee






On Oct 1, 2013, at 6:14 AM, David Wainberg wrote:

> 
> On 2013-10-01 9:07 AM, Walter van Holst wrote:
>> On 2013-10-01 15:00, David Wainberg wrote:
>>> Mike,
>>> 
>>> As the draft spec stands today, under DNT:1 third parties can collect
>>> and use data with an exception or under the permitted uses. I don't
>>> see the loophole. These exceptions are already agreed on.
>> 
>> You are assuming that exceptions will always be granted. I rather doubt that. As far as the permitted uses are concerned, I do not read them as permitting to share DNT:1 data with third parties.
> I'm not assuming that exceptions will always be granted. What does that have to do with it? And permitted uses will always be allowed.
>> 
>> So Mike is right, this would create a glaring loophole, which would be a no-no to me.
> I still don't understand what the loophole is. Can you explain further?
> 
> -David
> 
> 
Received on Tuesday, 1 October 2013 17:58:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC