W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

RE: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current]

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Fri, 4 Oct 2013 14:09:09 +0100
To: "'David Wainberg'" <dwainberg@appnexus.com>
Cc: "'Walter van Holst'" <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>, "'Rob Sherman'" <robsherman@fb.com>
Message-ID: <246601cec102$ea158fa0$be40aee0$@baycloud.com>
David,

Yes it is my opinion, but I bet it is shared by many. The point is that web activity is collected by parties without our knowledge or agreement, and it is not knowing who is collecting it, who they are sharing it with and to what purpose which makes people uneasy (or angry - there is a spectrum).

There is no need to continually ask for consent, technically an opt-in can be stored just as easily as an opt-out. If you do not continually ask for an opt-out why would you do it for an opt-in? In fact an opt-in does not have the problem that if state is deleted (cookies, cache, localStorage) for privacy protection reasons the user is deemed to have agreed (e.g. to be tracked). Anyway DNT is already a compromise between opt-in and opt-out, because of the more or less ambiguous unset case, we should learn to live with that and move on.

Mike



-----Original Message-----
From: David Wainberg [mailto:dwainberg@appnexus.com] 
Sent: 04 October 2013 13:37
To: Mike O'Neill
Cc: 'Walter van Holst'; public-tracking@w3.org; 'Rob Sherman'
Subject: Re: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current]

Hi Mike,

On 2013-10-04 6:44 AM, Mike O'Neill wrote:
> David,
>
> IMO people have already decided what Do Not Track means (the clue is in the name), and with >20% downloading ad & cookie blockers, regularly purging cookies etc. a significant proportion are already expressing that preference.
Yes, that's your opinion -- you've decided what DNT means. We shouldn't assume anyone or everyone else has, especially when most people do not understand the details of how the Internet works. And I don't know that ad blocking and cookie blocking tells us much about what DNT should mean
-- only that users have some concerns. Are they concerned with NSA spying or visually intrusive ads or something else?

> A far better option is to respect this with a clear commitment not to retain tracking data (unique ids, fingerprints etc.) , and building trust through the UGE mechanism (consent).
>
> The added value created by individual personalisation (beyond what you could get with low entropy cookies), could be part of the conversation to justify tracking. Isn't that what the deal is supposed be anyway?
I think we've seen in the past that asking users to give consent over and over and over is not a good model. It irritates users, desensitizes them to the choice (since they just want their content), and it incentivizes overly broad consents. A good opt-out is better than a bad opt-in.

Also, someone made the point on the call this week that we might distinguish personalization from tailoring or customization, since in many (or most) cases, it's not personal to the user (no PII). I like that distinction.

Best,

David
>
> Mike
>
>
> -----Original Message-----
> From: David Wainberg [mailto:dwainberg@appnexus.com]
> Sent: 03 October 2013 20:16
> To: Mike O'Neill
> Cc: 'Walter van Holst'; public-tracking@w3.org; Rob Sherman
> Subject: Re: tracking-ISSUE-219 (Context separation): 3rd parties that 
> are 1st parties must not use data across these contexts [Compliance 
> Current]
>
> Mike,
>
> On 2013-10-03 7:20 AM, Mike O'Neill wrote:
>> If a user sees personalisation when they have explicitly requested not to be tracked they will assume their wishes are being ignored, and this will damage the credibility of Do Not Track.
> I disagree. I realize it will be a challenge to get right, but since users will be educated about what DNT does or does not do before they make the choice to turn it on, they'll understand that any post-DNT:1 personalization they're seeing is being done in accordance with the DNT rules, and so with limited data retention. In fact, users could come to understand it as a great benefit: they get the personalization, but without their browsing history being accumulated and retained.
>
> Best,
>
> -David
>
>
>
Received on Friday, 4 October 2013 13:09:44 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC