- From: Justin Brookman <jbrookman@cdt.org>
- Date: Thu, 3 Oct 2013 10:09:03 -0400
- To: "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
- Cc: Nicholas Doty <npdoty@w3.org>, public-tracking@w3.org
- Message-Id: <4ADD1AF9-AE4B-4429-87D6-87456660F54D@cdt.org>
I'm afraid I still don't quite get home this plays out in the real world, so examples would probably be useful (now or when we ultimately discuss this issue). I suspect it may be related to the point I was discussing yesterday with David Wainberg about first parties just being a conduit and the compliance obligation should lie on the third parties, but perhaps not! In any event, I think Nick should add PASS vs SHARE to the Wiki for for First Party Compliance. I think we're worrying a bit too much about what is in the current Editors' Draft as these issues are all marked to be resolved, but if an editor could revert share to pass on the next go-round, that would probably be for the best as many believe this is substantive. On Oct 3, 2013, at 9:41 AM, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com> wrote: > Justin, > > I think the difference is whether the party in the middle ever sees the data. For me, to "pass" something to you it has to move through me. I collect it (or otherwise come by it) and then give it to you. Share may be a little more general. Share may be closer to saying that I enable you to collect the information directly. > > -Brooks > -- > > Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network > (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com > brooks.dobbs@kbmg.com > > <image[224].png> > > This email including attachments may contain confidential information. If you are not the intended recipient, > do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message. > > From: Justin Brookman <jbrookman@cdt.org> > Date: Wednesday, October 2, 2013 10:14 PM > To: Chris Pedigo <CPedigo@online-publishers.org> > Cc: "public-tracking@w3.org" <public-tracking@w3.org> > Subject: Re: Another possible change that needs to be reverted from the Editor's Draft > Resent-From: <public-tracking@w3.org> > Resent-Date: Wednesday, October 2, 2013 10:14 PM > > I may be dense, but I don't comprehend the difference. What behavior constitutes sharing but not passing? > > > Chris Pedigo <CPedigo@online-publishers.org> wrote: > > FWIW, I have a problem with the current definition of "share" as it seems overly broad. And "pass" is more descriptive of what we're trying to restrict - the actual transfer of data to a 3rd party. I'd prefer to stick with "pass" for the time being. So, this seems more than simply editorial. > > > On Oct 2, 2013, at 9:03 PM, "Justin Brookman" <jbrookman@cdt.org> wrote: > > > > Pass vs. share? Seems editorial unless I'm missing something. > > > > > > Nicholas Doty <npdoty@w3.org> wrote: > > > > Hi Vinay, > > > > Thanks for the note. I had a different interpretation from David in thinking that some of your suggestions were editorial, like in using defined terms where the text seemed to use intended synonyms for them ("pass to" and "transmit" were both examples of that). > > > > I don't think those edits substantially change any of the proposals that the group is working through, or for that matter, the intended or common reading of those pieces of text. However, I'm not an editor of this document, I'm just trying to help out, and I would happily defer to the chairs on any uncertainties. > > > > Thanks, > > Nick > > > > On October 2, 2013, at 5:28 PM, Vinay Goel <vigoel@adobe.com> wrote: > > > > > Hi Nick, > > > > > > When reading the current editor's draft again tonight, I noticed that a > > > change was made to the First Party Compliance section that may be > > > substantive. Specifically, I asked to make this particular change in my > > > email to the WG on 18 September; and David Singer's response on 23 > > > September said "Issue needed. This is not editorial." > > > > > > The language in question is the use of 'pass' within First Party > > > Compliance. While I personally agree that it makes sense to use defined > > > terms instead of using unclear/undefined terms, I wanted to point out that > > > a change was made that probably shouldn't have. << See Comment 6 below >> > > > I believe the change was made because another participant suggested the > > > change; and that email/request was acted upon without reviewing the email > > > between David and me. > > > > > > Current text is: "The first party must not share data about this network > > > interaction with third parties who could not collect the data themselves > > > under this recommendation. Data about the transaction may be shared with > > > service providers acting on behalf of the first party.". The old text had > > > 'pass'. > > > > > > Let me know if I'm missing something, but I believe this change should be > > > reverted (only because there hasn't been discussion on it). > > > > > > -Vinay > > > > > > > > > > > > On 9/23/13 2:39 PM, "David Singer" <singer@apple.com> wrote: > > > > > >> Hi Vinay, friends > > >> > > >> Matthias asked me to take a look, as one of the editing team, and suggest > > >> what was editorial and what you should probably raise an issue about. > > >> > > >> Here are my suggestions. Unless you, or anyone in the group, objects, > > >> we'll do the editorials in about a week's time. (Note, this isn't a hard > > >> deadline, as reversing an editorial change can easily be done, and an > > >> issue raised, if we later realize that the edit had implications we had > > >> not realized.) > > >> > > >> > > >> On Sep 18, 2013, at 9:41 , Vinay Goel <vigoel@adobe.com> wrote: > > >> > > >>> Comment 1 I believe Editorial: Section 2.8 Deidentified > > >>> - Current text: "commits to try not to reidentify the data;" > > >>> - Comment: First off, the spec uses 're-identify' in #3. So I'd > > >>> suggest switching to re-identify for consistency. Second, the current > > >>> language is a tongue twister. Instead, would something like "Commits > > >>> from trying to re-identify the data" or "Commits to not trying to > > >>> re-identify the data"? I believe both capture the same intent but are > > >>> clearer to read. > > >> > > >> clearly editorial, suggest: > > >> "commits to make no attempt to re-identify the data" (reduce the number > > >> of verbs) > > >> > > >>> Comment 2 I believe both Editorial and Structural: Section 2.10 > > >>> Definition of Collects > > >>> - Current Text: "A party collects data if it receives the data and > > >>> shares the data with other parties or stores the data for more than a > > >>> transient period." > > >>> - Comment: This sentence has unclear conjunctions. I think it would > > >>> help a lot if you add 'either' between 'and' and 'shares'. Second, I > > >>> would change the sentence to "A party collects data if it receives the > > >>> data and either shares the data or stores the data for more than a > > >>> transient period." Since Shares is defined below, do we need to restate > > >>> 'with other parties'? Third, personally, I feel like the idea 'stores > > >>> the data for more than a transient period' is 'retaining the data'. Is > > >>> there a reason why you don't use 'retain' here? > > >> > > >> deal with the editorial: > > >> A party collects data if it receives the data, and either shares the > > >> data with other parties, or stores the data for more than a transient > > >> period. > > >> > > >> On possible confusion between collection and retention, an issue would be > > >> needed. > > >> > > >> > > >>> Comment 3 I believe Editorial: Section 2.10 Definition of Uses > > >>> - Current Text: "A party uses data if the party processes the data for > > >>> any purpose other than storage or merely forwarding it to another party." > > >>> - Comment: Again, I think we need to add 'either' between 'than' and > > >>> 'storage'. Otherwise, is the or between storage and forwarding or > > >>> processes and forwarding. > > >> > > >> I think editorial: > > >> A party uses data if the party processes the data for any purpose other > > >> than either storage or merely forwarding it to another party. > > >> > > >>> Comment 4 Questions on language: Section 2.10 Definition of Shares > > >>> - Current Text: "A party shares data if the party enables another party > > >>> to receive or access the data." > > >>> - Comment: Why do we say 'receive or access the data' instead of > > >>> 'collects, retains or uses'? > > >> > > >> Issue needed. This is not editorial. > > >> > > >>> Comment 5 Questions on language / editorial / content: Section 4 > > >>> First Party Compliance > > >>> - Current Text: "first party MAY engage in its normal collection and > > >>> use of information." > > >>> - Comment: What if the first party's norma collection is to share it > > >>> with 3rd parties for reselling purposes? I know there are limits in the > > >>> next paragraph on passing information to other parties, but why even set > > >>> this up? Why not just say something to the effect of "If a first party > > >>> receives a DNT:1 signal, the first party MAY collect, retain, and use > > >>> information to customize the content, services and advertising in the > > >>> context of the first party experience."? > > >> > > >> Issue needed. This is not editorial. > > >> > > >>> Comment 6 Questions on language / editorial / content: Section 4 > > >>> First Party Compliance > > >>> - Current Text: "The first party MUST NOT pass" > > >>> - Comment: Why pass and not share here? Pass is undefined, whereas > > >>> share is defined. Seems like we should be using defined terms when > > >>> possible. > > >> > > >> Issue needed. This is not editorial. > > >> > > >>> Comment 7 Questions on language / editorial: Section 4 First Party > > >>> Compliance > > >>> - Current Text: "First parties may elect to follow third party > > >>> practices." > > >>> - Comment: I think this is worded badly. I don't think this language > > >>> is necessary. But, without fighting that battle, how about "A first > > >>> party MAY elect to follow the rules outlined for a third party within > > >>> this specification." > > >> > > >> I would leave out "outlined" or use "defined" or the like; probably > > >> editorial: > > >> "A first party MAY elect to follow the rules defined here for third > > >> parties." > > >> > > >> (I agree, it's silly to say it. We are about saying where the fence is; > > >> of course you can stay well within the fence.) > > >> > > >>> Comment 8 Third Party Compliance > > >>> - Current Text: "Further, parties may collect, use, and retain such > > >>> information to comply with applicable laws, regulations, and judicial > > >>> processes." > > >>> - Comment: I get what you're trying to do here, but this language > > >>> should be done in both First Party compliance and Third Party > > >>> compliance. Otherwise, its odd to have just 'parties' here in a section > > >>> titled 3rd Party compliance. Also, I think its worth calling out > > >>> 'share' here. > > >> > > >> Suggest editorial, and just move this sentence so it's clearly general: > > >> "Notwithstanding anything in this specification, parties may collect, > > >> use, share, and retain information required to comply with applicable > > >> laws, regulations, and judicial processes." > > >> > > >> But this is closer to the border, and could be an issue if anyone wishes. > > >> > > >>> Comment 9 Third Party Compliance > > >>> - Current Text: " So long as the information is not transmitted to a > > >>> third party." (in the 6th paragraph) > > >>> - Comment: Why not just say share here? > > >> > > >> Issue needed. This is not editorial. > > >> > > >>> Comment 10 User-Granted Exceptions > > >>> - Current Text: " Recommendation ." (last sentence of the first > > >>> paragraph) > > >>> - Comment: Why are we calling it a recommendation here but call it a > > >>> standard in the first sentence of the next paragraph? > > >> > > >> Editorial. W3C issues recommendations, not standards. > > >> globally replace "this standard" with "this recommendation". > > >> > > >> David Singer > > >> Multimedia and Software Standards, Apple Inc. > > >> > > >> > > > > > > > > >
Received on Thursday, 3 October 2013 14:09:38 UTC