- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Fri, 11 Oct 2013 12:18:17 +0200
- To: public-tracking@w3.org
On 11/10/2013 02:39, Roy T. Fielding wrote: > Ah, now I can critique two definitions in one response ... Maybe we can also realise that given the exemption for 1st parties, Rob and John's position is less inane than you may realise. Having said that, I don't think anyone is advocating a full stop prohibition of any usage statistics under DNT:1. The reason I like your last definition most is because of its conciseness, not because it is perfect. Just thinking out loud (and possibly shoddy, so bear with me) here: since this is very intimately related to the notion of 1st and 3rd party, as well as what my understanding is of what David Wainberg means by context, we might as well have a definition of context here: A context is the set of network interactions that arise during or upon a user agent's request of an URL, including any network interactions that subsequently arise without any intentional action by the user agent's user. A party is any natural person, legal entity or groups thereof that can be, either jointly and severally or by one person or entity taking responsibility for all other persons or entities, considered liable for having network interactions with the user agent in a given context outside any contractual exonerations of such liability. If a context is provided by multiple parties, they are considered to be either first or third parties. A party is a first party in a given context if a user can be reasonably expected to be aware of the network interactions with that party or if the context arises from an intentional interaction by the user with the party in a preceding context in which it was a third party. Such awareness must not be expected on the basis of brief or otherwise peripheral messages in the UA's UI. A party's status may be elevated from third to first party through the SAME-PARTY flag. Tracking is any form of collection, retention, use and/or application of data that are, or can be, associated with a specific user, user agent, or device by any third-party in a given context. A third party that claims to be honouring a DNT:1 expression by the UA must not track, unless the tracking meets the requirements for the permitted uses or in case it has obtained consent for that context from the user through the UGE mechanism. If the above makes any sense, we're fixing a bunch of issues in one go: - I think this meets David Wainberg's wishes not to tie the party definition to notions of ownership or control; - I hope this will find merit in David Singer's eyes given is previous criticism for the use of terms like 'domains'; - It also implies context separation quite a few of us like to see between first and third party contexts; - It allows for data gathering by first parties. - Each concept in the list above can be tested to a large extent by all involved. Some of it from a technical perspective, some from a legal perspective and some from a psychological perspective. Regards, Walter
Received on Friday, 11 October 2013 10:18:47 UTC