- From: Dobbs, Brooks <Brooks.Dobbs@kbmg.com>
- Date: Tue, 24 Jun 2014 20:17:56 +0000
- To: Alan Chapell <achapell@chapellassociates.com>, Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
Question¡¦ Just for purpose of mental processing isn¡¯t this statement more succinctly written. "the third party MUST NOT use data gathered in another context about the user.¡± Adding ¡°other than with their explicit consent¡± adds nothing substantive as I can¡¯t imagine the compliance spec is ever meant to undermine the explicit consent of the user And adding ¡°or for permitted uses as as described within this recommendation¡± also is just fluff as there shouldn¡¯t be a case where permitted uses aren¡¯t explicitly permitted¡± Just to be clear, and per Alan¡¯s comment, I would read that simpler text to mean that a 3rd party couldn¡¯t use data collected in a 1st party context, but it isn¡¯t clear that a 1st party who later appears in a 3rd party context couldn¡¯t use data? -Brooks -- Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com brooks.dobbs@kbmg.com This email ¡© including attachments ¡© may contain confidential information. If you are not the intended recipient, do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message. On 6/24/14, 3:52 PM, "Alan Chapell" <achapell@chapellassociates.com> wrote: >Hi Walter - > >This language doesn't seem to address a first party acting in a third >party context. Was that by design? > >I strongly support re-inserting the language around first parties not >being able to use data outside the Context in which it was collected. > >Alan > > > > > >On 6/24/14 3:29 PM, "Walter van Holst" <walter.van.holst@xs4all.nl> wrote: > >>On 24/06/2014 17:57, Ninja Marnau wrote: >>> Hi John, hi Mike, >>> >>> we wil probably start a Call for objections on the topic of context >>> separation this wee. Could you take a look at Walter's proposal to see >>> whether it does reflect your text for data append and first parties: "A >>> Party MUST NOT use data gathered while a 1st Party when operating as a >>> 3rd Party.©÷ >>> >>> Here is the link to Walter's text: >>> >>>https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_ >>>i >>>n_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_any_ >>>t >>>ype_of_party >>> >> >>Mike, John and I have had a fruitful discussion, which resulted in a >>more precise wording of what I wanted to achieve and I have updated the >>text accordingly to: >> >>"... the third party MUST NOT use data gathered in another context about >>the user, other than with their explicit consent or for permitted uses >>as defined within this recommendation." >> >>I feel this is a make-or-break issue for the compliance specification >>which on top of the privacy issue also has competition implications. A >>strong separation between 1st and 3rd party roles is a must for this >>compliance specification to be credible. >> >>Regards, >> >> Walter >> >> >> > > >
Received on Tuesday, 24 June 2014 20:18:25 UTC