- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Tue, 01 Oct 2013 14:21:30 -0400
- To: Justin Brookman <jbrookman@cdt.org>
- CC: <public-tracking@w3.org>
- Message-ID: <CE708A6B.3A6CB%achapell@chapellassociates.com>
Thanks Justin. I'm speaking on a panel at the IAPP tomorrow during our call. I'll start to put together examples per your request. Alan From: Justin Brookman <jbrookman@cdt.org> Date: Tuesday, October 1, 2013 2:13 PM To: Alan Chapell <achapell@chapellassociates.com> Cc: <public-tracking@w3.org> Subject: Re: Change proposal for ISSUE-5 ¡© Definition of Tracking > Thanks for the precise and documented change proposal! > > Whether or not this issue gets addressed in the definition of tracking, I > think it has to get addressed in the definition of party either way. That is, > because *tracking* is not an operational term in the document, a company's > cross-site activities might not be considered tracking under your definition, > but they still might be prohibited by the standard because of a narrow > definition of parties and a prohibition on third-party collection absent an > operational permitted use or UGE. So I think you should adapt your language > below to a proposal on ISSUE-10 (as well or in lieu of this) --- if you can > provide specific language for the call tomorrow great; otherwise we can > discuss the concept and expect a proposal by October 9. > > Also, if you could provide some examples for how this might work in practice > under a common branding/contract regime, I think that would be useful for the > group to consider. One example I brought up on the call last week was DAA/IAB > membership --- would multiples companies (including publishers, ad networks, > and others) publicly ascribing to those codes render them one party under your > definition? Or would the branding have to be more robust than that? I just > want to tease out what this means! > > Both ISSUE-5 and ISSU-10 will be discussed tomorrow, and I think we can fold > your new issue into those discussions. > > On Oct 1, 2013, at 1:47 PM, Alan Chapell <achapell@chapellassociates.com> > wrote: > >> I propose the following change proposal for ISSUE-5 ¡© Definition of Tracking >> >> This builds on a definition that was previously submitted by Roy. >> >> ¡°Tracking is the act of following a particular user's browsing activity >> across multiple distinct contexts, via the collection or retention of data >> that can associate a given request to a particular user, user agent, or >> device, and the retention, use, or sharing of data derived from that activity >> outside the context in which it occurred. For the purposes of this >> definition, a context is a set of resources that EITHER: a) share the same >> owner, data controller and a common branding, such that a user would expect >> that data supplied to one of the resources is available to all of the others >> within the same context, OR b) enter into contract with other parties >> regarding the collection, retention, and use of data, share a common branding >> that is easily discoverable by a user, and describe their tracking practices >> clearly and conspicuously in a place that is easily discoverable by the >> user." >> >> Rationale: I believe that we have WG consensus that common ownership, control >> and branding provides sufficient transparency and privacy controls. Building >> on some of David Wainberg¡¯s recent posts, I believe that branding and >> contractual provisions provide an equivalent level of transparency and >> control. >> >> I¡¯m not sure if this concept should reside in the definition of of tracking, >> or if it should sit elsewhere. I¡¯m open to the input of the group. >> >> Alternatively, we can insert this concept into the definition of First Party >> or attempt to address data collection by context rather than by party. The >> rationale behind the latter is that it reduces likely confusion about who is >> a party under each specific use case, and aligns better with user >> understanding and expectations about how data will be processed. >> >> As this is an important issue that could be placed in a number of sections of >> our specification, I¡¯m opening up a separate issue to help ensure it doesn¡¯t >> fall through the cracks. >> >> Alan >
Received on Tuesday, 1 October 2013 18:22:10 UTC