W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

RE: Another possible change that needs to be reverted from the Editor's Draft

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 3 Oct 2013 16:35:58 +0100
To: "'Israel, Susan'" <Susan_Israel@Comcast.com>, "'Justin Brookman'" <jbrookman@cdt.org>, "'Dobbs, Brooks'" <brooks.dobbs@kbmg.com>, <vigoel@adobe.com>
Cc: "'Nicholas Doty'" <npdoty@w3.org>, <public-tracking@w3.org>
Message-ID: <22cd01cec04e$428a8740$c79f95c0$@baycloud.com>
Susan,

 

If I pass my email address to you, you know it and I know it. We have shared
the item of information. Data is not a material countable good (there is a
legal name for that but I forget what it is), because it can be cloned
infinitely at no cost. It is always shared (unless we want to bring in
homomorphic encryption - but let's not).

 

I think shared is a better description because after sharing both parties
have access to it, and both can use it without the other's knowledge.

 

Mike

 

From: Israel, Susan [mailto:Susan_Israel@Comcast.com] 
Sent: 03 October 2013 15:16
To: Justin Brookman; Dobbs, Brooks; vigoel@adobe.com
Cc: Nicholas Doty; public-tracking@w3.org
Subject: RE: Another possible change that needs to be reverted from the
Editor's Draft

 

I do think of the meanings of these terms differently, and I think other
people may also use them differently.   I think of "share" as having the
connotation of giving use or ownership rights in the data to the party to
which it is transferred, while "pass" conveys the more minimal idea that the
data moves from custody of one entity to another, but this might mean to a
service provider that has no independent right to use the data, other than
to perform its services for and on behalf of the party that passed the data
to it.  No objection to adding it to the wiki, as I do think it is
substantive. 

 

From: Justin Brookman [mailto:jbrookman@cdt.org] 
Sent: Thursday, October 03, 2013 10:09 AM
To: Dobbs, Brooks
Cc: Nicholas Doty; public-tracking@w3.org
Subject: Re: Another possible change that needs to be reverted from the
Editor's Draft

 

I'm afraid I still don't quite get home this plays out in the real world, so
examples would probably be useful (now or when we ultimately discuss this
issue).  I suspect it may be related to the point I was discussing yesterday
with David Wainberg about first parties just being a conduit and the
compliance obligation should lie on the third parties, but perhaps not!

 

In any event, I think Nick should add PASS vs SHARE to the Wiki for for
First Party Compliance.  I think we're worrying a bit too much about what is
in the current Editors' Draft as these issues are all marked to be resolved,
but if an editor could revert share to pass on the next go-round, that would
probably be for the best as many believe this is substantive.

On Oct 3, 2013, at 9:41 AM, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com> wrote:

 

Justin,

 

I think the difference is whether the party in the middle ever sees the
data.  For me, to "pass" something to you it has to move through me.  I
collect it (or otherwise come by it) and then give it to you.  Share may be
a little more general.  Share may be closer to saying that I enable you to
collect the information directly.

 

-Brooks

-- 

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com 
brooks.dobbs@kbmg.com <x-msg://434/brooks.dobbs@kbmg.com> 

<image[224].png>

This email - including attachments - may contain confidential information.
If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message. 

 

From: Justin Brookman <jbrookman@cdt.org <mailto:jbrookman@cdt..org> >
Date: Wednesday, October 2, 2013 10:14 PM
To: Chris Pedigo <CPedigo@online-publishers.org>
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Subject: Re: Another possible change that needs to be reverted from the
Editor's Draft
Resent-From: <public-tracking@w3.org>
Resent-Date: Wednesday, October 2, 2013 10:14 PM

 

I may be dense, but I don't comprehend the difference.  What behavior
constitutes sharing but not passing?



Chris Pedigo <CPedigo@online-publishers.org> wrote:

FWIW, I have a problem with the current definition of "share" as it seems
overly broad. And "pass" is more descriptive of what we're trying to
restrict - the actual transfer of data to a 3rd party. I'd prefer to stick
with "pass" for the time being. So, this seems more than simply editorial. 

> On Oct 2, 2013, at 9:03 PM, "Justin Brookman" <jbrookman@cdt.org> wrote:
> 
> Pass vs. share?  Seems editorial unless I'm missing something.
> 
> 
> Nicholas Doty <npdoty@w3.org> wrote:
> 
> Hi Vinay,
> 
> Thanks for the note. I had a different interpretation from David in
thinking that some of your suggestions were editorial, like in using defined
terms where the text seemed to use intended synonyms for them ("pass to" and
"transmit" were both examples of that).
> 
> I don't think those edits substantially change any of the proposals that
the group is working through, or for that matter, the intended or common
reading of those pieces of text. However, I'm not an editor of this
document, I'm just trying to help out, and I would happily defer to the
chairs on any uncertainties.
> 
> Thanks,
> Nick
> 
> On October 2, 2013, at 5:28 PM, Vinay Goel <vigoel@adobe.com> wrote:
> 
> > Hi Nick,
> > 
> > When reading the current editor's draft again tonight, I noticed that a
> > change was made to the First Party Compliance section that may be
> > substantive.  Specifically, I asked to make this particular change in my
> > email to the WG on 18 September; and David Singer's response on 23
> > September said "Issue needed.  This is not editorial."
> > 
> > The language in question is the use of 'pass' within First Party
> > Compliance.  While I personally agree that it makes sense to use defined
> > terms instead of using unclear/undefined terms, I wanted to point out
that
> > a change was made that probably shouldn't have.  << See Comment 6 below
>>
> > I believe the change was made because another participant suggested the
> > change; and that email/request was acted upon without reviewing the
email
> > between David and me.
> > 
> > Current text is: "The first party must not share data about this network
> > interaction with third parties who could not collect the data themselves
> > under this recommendation. Data about the transaction may be shared with
> > service providers acting on behalf of the first party.".  The old text
had
> > 'pass'.
> > 
> > Let me know if I'm missing something, but I believe this change should
be
> > reverted (only because there hasn't been discussion on it).
> > 
> > -Vinay
> > 
> > 
> > 
> > On 9/23/13 2:39 PM, "David Singer" <singer@apple.com> wrote:
> > 
> >> Hi Vinay, friends
> >> 
> >> Matthias asked me to take a look, as one of the editing team, and
suggest
> >> what was editorial and what you should probably raise an issue about.
> >> 
> >> Here are my suggestions.  Unless you, or anyone in the group, objects,
> >> we'll do the editorials in about a week's time.  (Note, this isn't a
hard
> >> deadline, as reversing an editorial change can easily be done, and an
> >> issue raised, if we later realize that the edit had implications we had
> >> not realized.)
> >> 
> >> 
> >> On Sep 18, 2013, at 9:41 , Vinay Goel <vigoel@adobe.com> wrote:
> >> 
> >>> Comment 1 < I believe Editorial:  Section 2.8 < Deidentified
> >>> - Current text: "commits to try not to reidentify the data;"
> >>> - Comment: First off, the spec uses 're-identify' in #3.  So I'd
> >>> suggest switching to re-identify for consistency.  Second, the current
> >>> language is a tongue twister.  Instead, would something like "Commits
> >>> from trying to re-identify the data" or "Commits to not trying to
> >>> re-identify the data"?  I believe both capture the same intent but are
> >>> clearer to read.
> >> 
> >> clearly editorial, suggest:
> >> "commits to make no attempt to re-identify the data" (reduce the number
> >> of verbs)
> >> 
> >>> Comment 2 < I believe both Editorial and Structural: Section 2.10 <
> >>> Definition of Collects
> >>> - Current Text: "A party collects data if it receives the data and
> >>> shares the data with other parties or stores the data for more than a
> >>> transient period."
> >>> - Comment: This sentence has unclear conjunctions.  I think it would
> >>> help a lot if you add 'either' between 'and' and 'shares'..  Second, I
> >>> would change the sentence to "A party collects data if it receives the
> >>> data and either shares the data or stores the data for more than a
> >>> transient period." Since Shares is defined below, do we need to
restate
> >>> 'with other parties'?  Third, personally, I feel like the idea 'stores
> >>> the data for more than a transient period' is 'retaining the data'.
Is
> >>> there a reason why you don't use 'retain' here?
> >> 
> >> deal with the editorial:
> >> A party collects data if it receives the data, and either shares the
> >> data with other parties, or stores the data for more than a transient
> >> period.
> >> 
> >> On possible confusion between collection and retention, an issue would
be
> >> needed.
> >> 
> >> 
> >>> Comment 3 < I believe Editorial: Section 2.10 < Definition of Uses
> >>> - Current Text: "A party uses data if the party processes the data for
> >>> any purpose other than storage or merely forwarding it to another
party."
> >>> - Comment: Again, I think we need to add 'either' between 'than' and
> >>> 'storage'.  Otherwise, is the or between storage and forwarding or
> >>> processes and forwarding.
> >> 
> >> I think editorial:
> >> A party uses data if the party processes the data for any purpose other
> >> than either storage or merely forwarding it to another party.
> >> 
> >>> Comment 4 < Questions on language: Section 2.10 < Definition of Shares
> >>> - Current Text: "A party shares data if the party enables another
party
> >>> to receive or access the data."
> >>> - Comment: Why do we say 'receive or access the data' instead of
> >>> 'collects, retains or uses'?
> >> 
> >> Issue needed. This is not editorial.
> >> 
> >>> Comment 5 < Questions on language / editorial / content: Section 4 <
> >>> First Party Compliance
> >>> - Current Text: "©first party MAY engage in its normal collection and
> >>> use of information."
> >>> - Comment:  What if the first party's norma collection is to share it
> >>> with 3rd parties for reselling purposes?  I know there are limits in
the
> >>> next paragraph on passing information to other parties, but why even
set
> >>> this up?  Why not just say something to the effect of "If a first
party
> >>> receives a DNT:1 signal, the first party MAY collect, retain, and use
> >>> information to customize the content, services and advertising in the
> >>> context of the first party experience."?
> >> 
> >> Issue needed.  This is not editorial.
> >> 
> >>> Comment 6 < Questions on language / editorial / content: Section 4 <
> >>> First Party Compliance
> >>> - Current Text: "The first party MUST NOT pass©"
> >>> - Comment:  Why pass and not share here?  Pass is undefined, whereas
> >>> share is defined.  Seems like we should be using defined terms when
> >>> possible.
> >> 
> >> Issue needed.  This is not editorial.
> >> 
> >>> Comment 7 < Questions on language / editorial: Section 4 < First Party
> >>> Compliance
> >>> - Current Text: "First parties may elect to follow third party
> >>> practices."
> >>> - Comment:  I think this is worded badly.  I don't think this language
> >>> is necessary.  But, without fighting that battle, how about "A first
> >>> party MAY elect to follow the rules outlined for a third party within
> >>> this specification."
> >> 
> >> I would leave out "outlined" or use "defined" or the like; probably
> >> editorial:
> >> "A first party MAY elect to follow the rules defined here for third
> >> parties."
> >> 
> >> (I agree, it's silly to say it.  We are about saying where the fence
is;
> >> of course you can stay well within the fence.)
> >> 
> >>> Comment 8 < Third Party Compliance
> >>> - Current Text: "Further, parties may collect, use, and retain such
> >>> information to comply with applicable laws, regulations, and judicial
> >>> processes."
> >>> - Comment: I get what you're trying to do here, but this language
> >>> should be done in both First Party compliance and Third Party
> >>> compliance. Otherwise, its odd to have just 'parties' here in a
section
> >>> titled 3rd Party compliance.  Also, I think its worth calling out
> >>> 'share' here.
> >> 
> >> Suggest editorial, and just move this sentence so it's clearly general:
> >> "Notwithstanding anything in this specification, parties may collect,
> >> use, share, and retain information required to comply with applicable
> >> laws, regulations, and judicial processes."
> >> 
> >> But this is closer to the border, and could be an issue if anyone
wishes.
> >> 
> >>> Comment 9 < Third Party Compliance
> >>> - Current Text: "© So long as the information is not transmitted to a
> >>> third party©."  (in the 6th paragraph)
> >>> - Comment: Why not just say share here?
> >> 
> >> Issue needed.  This is not editorial.
> >> 
> >>> Comment 10 < User-Granted Exceptions
> >>> - Current Text: "© Recommendation ©."  (last sentence of the first
> >>> paragraph)
> >>> - Comment: Why are we calling it a recommendation here but call it a
> >>> standard in the first sentence of the next paragraph?
> >> 
> >> Editorial. W3C issues recommendations, not standards.
> >> globally replace "this standard" with "this recommendation".
> >> 
> >> David Singer
> >> Multimedia and Software Standards, Apple Inc.
> >> 
> >> 
> > 
> > 
> 

 
Received on Thursday, 3 October 2013 15:36:38 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC