- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Tue, 24 Jun 2014 22:25:57 +0100
- To: "'Alan Chapell'" <achapell@chapellassociates.com>, "'Walter van Holst'" <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>
Hi Alan,

The text here is about what a server can do when it is addressed as a third-party, and says that they cannot use data (about the user) "gathered in another context" i.e. data they may have collected when they were a first-party or a third-party somewhere else.

In addition Option B of the CfO on issue-170 (which is about servers being addressed as first-parties) answers your concern by ruling out the first-party using data from other contexts:

Mike

> -----Original Message-----
> From: Alan Chapell [mailto:achapell@chapellassociates.com]
> Sent: 24 June 2014 20:53
> To: Walter van Holst; public-tracking@w3.org
> Subject: Re: ISSUE-219 (context separation)
>
> Hi Walter -
>
> This language doesn't seem to address a first party acting in a third
> party context. Was that by design?
>
> I strongly support re-inserting the language around first parties not
> being able to use data outside the Context in which it was collected.
>
> Alan
>
> On 6/24/14 3:29 PM, "Walter van Holst" <walter.van.holst@xs4all.nl> wrote:
>
> >On 24/06/2014 17:57, Ninja Marnau wrote:
> >> Hi John, hi Mike,
> >>
> >> we will probably start a Call for objections on the topic of context
> >> separation this week. Could you take a look at Walter's proposal to see
> >> whether it does reflect your text for data append and first parties: "A
> >> Party MUST NOT use data gathered while a 1st Party when operating as a
> >> 3rd Party."
> >>
> >> Here is the link to Walter's text:
> >>
> >> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_any_type_of_party
> >>
> >
> >Mike, John and I have had a fruitful discussion, which resulted in a
> >more precise wording of what I wanted to achieve and I have updated the
> >text accordingly to:
> >
> >"... the third party MUST NOT use data gathered in another context about
> >the user, other than with their explicit consent or for permitted uses
> >as defined within this recommendation."
> >
> >I feel this is a make-or-break issue for the compliance specification
> >which on top of the privacy issue also has competition implications. A
> >strong separation between 1st and 3rd party roles is a must for this
> >compliance specification to be credible.
> >
> >Regards,
> >
> > Walter
Received on Tuesday, 24 June 2014 21:26:30 UTC