W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

Re: Change proposal for ISSUE-5 ¡© Definition of Tracking

From: Alan Chapell <achapell@chapellassociates.com>
Date: Tue, 01 Oct 2013 14:21:30 -0400
To: Justin Brookman <jbrookman@cdt.org>
CC: <public-tracking@w3.org>
Message-ID: <CE708A6B.3A6CB%achapell@chapellassociates.com>
Thanks Justin. I'm speaking on a panel at the IAPP tomorrow during our call.

I'll start to put together examples per your request.

Alan


From:  Justin Brookman <jbrookman@cdt.org>
Date:  Tuesday, October 1, 2013 2:13 PM
To:  Alan Chapell <achapell@chapellassociates.com>
Cc:  <public-tracking@w3.org>
Subject:  Re: Change proposal for ISSUE-5 ¡© Definition of  Tracking

> Thanks for the precise and documented change proposal!
> 
> Whether or not this issue gets addressed in the definition of tracking, I
> think it has to get addressed in the definition of party either way.  That is,
> because *tracking* is not an operational term in the document, a company's
> cross-site activities might not be considered tracking under your definition,
> but they still might be prohibited by the standard because of a narrow
> definition of parties and a prohibition on third-party collection absent an
> operational permitted use or UGE.  So I think you should adapt your language
> below to a proposal on ISSUE-10 (as well or in lieu of this) --- if you can
> provide specific language for the call tomorrow great; otherwise we can
> discuss the concept and expect a proposal by October 9.
> 
> Also, if you could provide some examples for how this might work in practice
> under a common branding/contract regime, I think that would be useful for the
> group to consider.  One example I brought up on the call last week was DAA/IAB
> membership --- would multiples companies (including publishers, ad networks,
> and others) publicly ascribing to those codes render them one party under your
> definition?  Or would the branding have to be more robust than that?  I just
> want to tease out what this means!
> 
> Both ISSUE-5 and ISSU-10 will be discussed tomorrow, and I think we can fold
> your new issue into those discussions.
> 
> On Oct 1, 2013, at 1:47 PM, Alan Chapell <achapell@chapellassociates.com>
> wrote:
> 
>> I propose the following change proposal for ISSUE-5 ¡© Definition of Tracking
>>  
>> This builds on a definition that was previously submitted by Roy.
>>  
>> ¡°Tracking is the act of following a particular user's browsing activity
>> across multiple distinct contexts, via the collection or retention of data
>> that can associate a given request to a particular user, user agent, or
>> device, and the retention, use, or sharing of data derived from that activity
>> outside the context in which it occurred. For the purposes of this
>> definition, a context is a set of resources that EITHER: a) share the same
>> owner, data controller and a common branding, such that a user would expect
>> that data supplied to one of the resources is available to all of the others
>> within the same context, OR b) enter into contract with other parties
>> regarding the collection, retention, and use of data, share a common branding
>> that is easily discoverable by a user, and describe their tracking practices
>> clearly and conspicuously in a place that is easily discoverable by the
>> user." 
>>  
>> Rationale: I believe that we have WG consensus that common ownership, control
>> and branding provides sufficient transparency and privacy controls. Building
>> on some of David Wainberg¡¯s recent posts, I believe that branding and
>> contractual provisions provide an equivalent level of transparency and
>> control.
>>  
>> I¡¯m not sure if this concept should reside in the definition of of tracking,
>> or if it should sit elsewhere. I¡¯m open to the input of the group.
>>  
>> Alternatively, we can insert this concept into the definition of First Party
>> or attempt to address data collection by context rather than by party. The
>> rationale behind the latter is that it reduces likely confusion about who is
>> a party under each specific use case, and aligns better with user
>> understanding and expectations about how data will be processed.
>>  
>> As this is an important issue that could be placed in a number of sections of
>> our specification, I¡¯m opening up a separate issue to help ensure it doesn¡¯t
>> fall through the cracks.
>> 
>> Alan 
> 
Received on Tuesday, 1 October 2013 18:22:10 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC