Re: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current] from Walter van Holst on 2013-10-03 (public-tracking@w3.org from October 2013)

From: Walter van Holst <walter.van.holst@xs4all.nl>
Date: Thu, 03 Oct 2013 09:36:49 +0200
To: public-tracking@w3.org
Message-ID: <94039a32d29259e6c4f2f953e65a6e5b@xs4all.nl>

On 2013-10-03 05:08, Rob Sherman wrote:
> Walter,
> 
> I don't think it's correct as a per se matter that use of first party 
> data
> outside of the website on which it was collected runs counter to 
> consumer
> expectations.  In some cases, of course, that would be true (if I send 
> an
> email on my gmail account, I would not expect to see that email on the
> front page of nytimes.com), but there are many instances in which I do
> think that this use would be expected.  For example, as a user of
> Facebook, I would find it contextually appropriate Facebook to use data 
> I
> provided to it as a first-party to personalize my experience on other
> websites that have Facebook plugins.  The proposal you offer below 
> would
> undermine that expectation and would break that functionality.  It 
> seems
> most reasonable to assume that users who don't want data they provide 
> to
> Facebook to be used on other websites can choose (1) not to give 
> Facebook
> the data in the first instance, (2) to turn off Facebook Platform in 
> their
> settings, or (3) to log out of Facebook when they are done using it.
> Obviously, this is a specific example, but my point is that it's not 
> good
> policy to make a general assumption that it's never expected to use 
> data
> across multiple sites and to limit functionality on the basis of that
> assumption.

To the contrary. This change proposal has been made with, among others, 
Facebook plugins in mind. Your typical Facebook user is not aware that 
visiting a webpage with a Facebook Like Button (one of the most prolific 
Facebook plugins) results in Facebook being able to record that visit, 
up to the point of recording the contents of that webpage and the 
duration of the visit.

The Facebook privacy settings are themselves a study in obfuscation 
which I'd rather not discuss here. Being logged on to Facebook is also 
typically something that the user often may not be aware of. Moreover, 
Facebook is perfectly positioned to acquire consent through the 
exceptions mechanism. Which BTW should be done on a per 1st party basis.

In short, I don't think I could disagree much more with you here. The 
data gathering through Facebook plugins are a typical example of what 
users perceive as stalking or otherwise creepy as soon as they become 
aware of. Which most of them aren't. Yet.

Regards,

Walter

Received on Thursday, 3 October 2013 07:37:17 UTC