Re: [ISSUE-206] Service Provider (and related ISSUE-219 question)

On Jun 11, 2014, at 8:11 AM, Mike O'Neill wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Roy,
> 
> Thinking about Justin's concern, would you accept a friendly amendment to your service provider definition making it clear that data should not be shared outside the context in which it occurred (i.e. our definition of tracking), i.e. even if it is only acting at the behest of its contractee. 

No.  By definition, the service provider does not control how the data
is used by the contractee.

Furthermore, I see no need to restate the definition of tracking.
Nothing in compliance can expand on that definition, since it is a
statement by the user.  If we allow a first party to track across
sites that they do not own, then we are not adhering to DNT:1
and that would be a bug in compliance.

The service provider definition just says that we consider the
service provider to be the same party as the contractee if they
adhere to a set of siloing constraints that are equivalent to them
being a contractor or employee of that party.

....Roy

Received on Wednesday, 11 June 2014 15:50:14 UTC