- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Wed, 09 Oct 2013 11:06:20 -0400
- To: John Simpson <john@consumerwatchdog.org>
- CC: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <CE7ACA4D.3ADC3%achapell@chapellassociates.com>
John, Although I believe the NAI and DAA like many trade associations have some form of agreement between them and their members, I don't see this as an industry association initiative. The contract in my example isn't with the associations. The main point is that ownership is not better than contract for ensuring user privacy. One thing we can ensure with contract that is not necessarily the case with ownership alone is a clear, conspicuous, and common set of privacy rules that apply across the contractually affiliated sites. Given that, the question becomes what it actually looks like to users. We may not have a live example to point to today, but conceptually it might be similar to the network created by the now defunct QuandrantOne (http://www.quadrantone.com <http://www.quadrantone.com/> /). Lets assume the QuadrantOne network of sites had contractual relationships to work together to serve targeted advertising. Lets assume that each site on QuadrantOne was wiling to have a link somewhere easily discoverable that they belong to the QuadrantOne network of sites. (I.e., branding) And lets compare QuadrantOne to a potential ad network created by Amazon.com and the WashingtonPost both essentially owned by Jeff Bezos. Per our current rule set, the common ownership need only be easily discoverable in order for both entities to claim status as a common party. To be clear, I have no knowledge of what Mr. Bezos plan is but Amazon has managed to carve out a nearly billon dollar per year advertising business thus far. http://www.businessinsider.com/heres-a-glimpse-inside-amazons-secretive-800- million-ad-business-2013-10 Utilizing the above examples, QuadrantOne provided a level of privacy protections for consumers that were at least as good as Amazon / WashingtonPost - organizations that share common ownership and branding. And if we're treating them differently, I'd like to understand the policy justification for doing so. With that in mind, consider the head to head example I shared last week. In my example, there are two groups of websites. Group A is owned by Justin, and group B is managed by Matthias. [think of Matthias in this case as QuadrantOne] Each website in group A has a different privacy policy and different privacy practices. Each website in group B has a different privacy policy and different privacy practices. Each website in group A has a link that clearly states "You are visiting a Justin-owned website" Each website in group B has a link that clearly states "You are visiting a websites on the Matthias network" Each website in group A is presumably subject to some form of contract for serving ads across each of Justin's sites. Each website in group B is definitely subject to a contract for serving ads across each of Matthias' sites. Under our current definitions and policy regime, Justin is allowed to track across his sites, but Matthias is not. The outcome doesn't make sense for privacy, does it? Alan From: John Simpson <john@consumerwatchdog.org> Date: Tuesday, October 8, 2013 4:20 PM To: Alan Chapell <achapell@chapellassociates.com> Cc: "public-tracking@w3.org" <public-tracking@w3.org> Subject: Re: Change Proposals: Issue 10 Resent-From: <public-tracking@w3.org> Resent-Date: Tue, 08 Oct 2013 20:20:31 +0000 > Does this mean that a party could sign a contract with DAA (or other trade > association) describing its collection practices, use the common "brand" of > the DAA icon, describe its practices in a privacy policy and then share with > every other entity that does the same thing, i.e., all the other DAA members? > > > On Oct 8, 2013, at 10:23 AM, Alan Chapell <achapell@chapellassociates.com> > wrote: > >> Proposal: Party definition Make affiliate list an example; add ownership OR >> contract as ways to reach "common party" status >> This builds upon a previous Proposal from Amy Colando >> <http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0370.html> and >> Proposal from Chris Pedigo >> <http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0390.html> and >> is in response to a suggestion from Justin Brookman as we look for the best >> home for this concept. >> >> This is a replacement for last few sentences in section 2.4 Party >> >> New text >> For unique corporate entities to qualify as a common party with respect to >> this document, those entities MUST be EITHER: commonly owned and commonly >> controlled OR enter into contract with other parties regarding the >> collection, retention, and use of data, share a common branding that is >> easily discoverable by a user, and describe their tracking practices clearly >> and conspicuously in a place that is easily discoverable by the user. >> Regardless, parties MUST provide transparency about what types of entities >> are considered part of the same party. Examples of ways to provide this >> transparency are through common branding or by providing a list of affiliates >> that is available via a link from a resource where a party describes DNT >> practices. >> >> Rationale >> Strong contractual provisions and branding provide a level of privacy >> protections for consumers that is at least as good as Common ownership and >> branding. >> >> Alan Chapell >> >> >
Received on Wednesday, 9 October 2013 15:06:54 UTC