Re: ISSUE-219 (context separation)

Hi Walter -

This language doesn't seem to address a first party acting in a third
party context. Was that by design?

I strongly support re-inserting the language around first parties not
being able to use data outside the Context in which it was collected.

Alan





On 6/24/14 3:29 PM, "Walter van Holst" <walter.van.holst@xs4all.nl> wrote:

>On 24/06/2014 17:57, Ninja Marnau wrote:
>> Hi John, hi Mike,
>> 
>> we wil probably start a Call for objections on the topic of context
>> separation this wee. Could you take a look at Walter's proposal to see
>> whether it does reflect your text for data append and first parties: "A
>> Party MUST NOT use data gathered while a 1st Party when operating as a
>> 3rd Party.²
>> 
>> Here is the link to Walter's text:
>> 
>>https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_i
>>n_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_any_t
>>ype_of_party
>> 
>
>Mike, John and I have had a fruitful discussion, which resulted in a
>more precise wording of what I wanted to achieve and I have updated the
>text accordingly to:
>
>"... the third party MUST NOT use data gathered in another context about
>the user, other than with their explicit consent or for permitted uses
>as defined within this recommendation."
>
>I feel this is a make-or-break issue for the compliance specification
>which on top of the privacy issue also has competition implications. A
>strong separation between 1st and 3rd party roles is a must for this
>compliance specification to be credible.
>
>Regards,
>
> Walter
>
>
>

Received on Tuesday, 24 June 2014 19:53:29 UTC