Re: ISSUE-5: Consensus definition of "tracking" for the intro? from John Simpson on 2013-10-10 (public-tracking@w3.org from October 2013)

From: John Simpson <john@consumerwatchdog.org>
Date: Thu, 10 Oct 2013 13:32:04 -0700
To: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, public-tracking@w3.org, "'Roy T. Fielding'" <fielding@gbiv.com>, David Singer <singer@apple.com>
Message-Id: <4FD7BBD6-A728-4875-AFF4-DB5CD681E1B5@consumerwatchdog.org>

Sorry for typos:
that should be " xxxx his suggested non-normative text:" at end of 1st graph.
John

On Oct 10, 2013, at 1:15 PM, John Simpson <john@consumerwatchdog.org> wrote:

> Hi Matthias,
> 
> I don't want to rain on your march toward consensus parade, but I have trouble with the " across multiple parties' domains or services" language. It seems to me Rob's language -- proposal 4 -- has it exactly right, particular;y when you include is suggested uninformative text:
> 
> "Tracking is any form of collection, retention, use and/or application of data that are, or can be, associated with a specific user, user agent, or device.
> 
> "non normative explanation: Tracking is not exclusively connected to unique ID cookies. Tracking includes automated real time decisions, intended to analyse or predict the personality or certain personal aspects relating to a natural person, including the analysis and prediction of the person’s health, economic situation, information on political or philosophical beliefs , performance at work, leisure, personal preferences or interests, details and patterns on behavior, detailed location or movements. Tracking is defined in a technological neutral way and includes e.g. cookie based tracking technology, active and passive fingerprinting techniques."
> 
> 
> I can live with what's in the the current editors draft:
> 
> Tracking is the retention or use, after a network interaction is complete, of data that are, or can be, associated with a specific user, user agent, or device.
> 
> Regards,
> John
> 
> 
> On Oct 10, 2013, at 3:15 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
> 
>> Hi Mike,
>> 
>> thanks for your feedback!
>> 
>> I have two questions:
>> - Could you live with the proposed text if we decided not to change it?
>> - If not, are there specific (hopefully small) text changes that we could make to allow you to live with this proposal?
>> 
>> Personal remark: While I agree with your points, it is important to note that we aim for a text that is "good enough" and  does not need to be perfect.
>> I.e., an outcome that introduces tracking in a understandable way while covering 80% of what we mean would IMHO be good enough even if there are some corner cases that are not captured 100% accurately.
>> 
>> Regards,
>> matthias
>> On 09/10/2013 22:11, Mike O'Neill wrote:
>>> I agree with David Singer that this is unclear. It seems to say retention of
>>> identifiers is OK within one domain origin but that would allow them by
>>> third-party frames and via redirection via other origin hosts. I know we
>>> don't mean that it could be read that way. To make it clear we would then
>>> have to further qualify the definition, maybe later when it is used for
>>> instance in the third-party compliance section. We would have to say data
>>> cannot be retained if referer(sic) headers, URL query parameters,
>>> postMessage events and whatever communicate cross-domain data i.e. that the
>>> identifier is somehow "attributable" to another domain/service.
>>> 
>>> We could make this clear in the definition by adding some non-normative text
>>> like:
>>> 
>>> Non-normative.
>>> It follows from this that data such as unique identifiers cannot be retained
>>> by a third-party if they can be associated with another host domain or
>>> service.
>>> 
>>> Anyway, in my opinion the cross-domain qualification is already adequately
>>> made elsewhere and putting it here just complicates things, so we should
>>> remove "across multiple parties' domains or services and"  or use Option 3
>>> or 4.
>>> 
>>> Mike
>>> 
>>> 
>>> -----Original Message-----
>>> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
>>> Sent: 09 October 2013 18:36
>>> To: public-tracking@w3.org (public-tracking@w3.org)
>>> Subject: ISSUE-5: Consensus definition of "tracking" for the intro?
>>> 
>>> Hi Team,
>>> 
>>> during our call, it seemed that the group was converging on a consensus for
>>> this definition of tracking (option 5 by Roy):
>>> 
>>>          Tracking is the collection of data across multiple parties'
>>> domains or services and retention of that data in a
>>>          form that remains attributable to a specific user, user agent, or
>>> device.
>>> 
>>> It is our "old" definition - corrected for grammar.
>>> 
>>> Questions:
>>>   (a) Are there further required improvements that we need to introduce?
>>>   (b) Are there participants that cannot live with this style/type of
>>> definition (assuming we can provide the required final fine-tuning)?
>>> 
>>> Regards,
>>> matthias
>>> 
>>> 
>> 
>

Received on Thursday, 10 October 2013 20:32:38 UTC