- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 11 Jun 2014 08:49:53 -0700
- To: "Mike O'Neill" <michael.oneill@baycloud.com>
- Cc: "'Justin Brookman'" <jbrookman@cdt.org>, "'W3C DNT Working Group Mailing List'" <public-tracking@w3.org>
On Jun 11, 2014, at 8:11 AM, Mike O'Neill wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Roy, > > Thinking about Justin's concern, would you accept a friendly amendment to your service provider definition making it clear that data should not be shared outside the context in which it occurred (i.e. our definition of tracking), i.e. even if it is only acting at the behest of its contractee. No. By definition, the service provider does not control how the data is used by the contractee. Furthermore, I see no need to restate the definition of tracking. Nothing in compliance can expand on that definition, since it is a statement by the user. If we allow a first party to track across sites that they do not own, then we are not adhering to DNT:1 and that would be a bug in compliance. The service provider definition just says that we consider the service provider to be the same party as the contractee if they adhere to a set of siloing constraints that are equivalent to them being a contractor or employee of that party. ....Roy
Received on Wednesday, 11 June 2014 15:50:14 UTC