- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Tue, 24 Jun 2014 22:32:08 +0100
- To: "'Dobbs, Brooks'" <Brooks.Dobbs@kbmg.com>, "'Alan Chapell'" <achapell@chapellassociates.com>, "'Walter van Holst'" <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>
Hi Brooks,

The “other than with their explicit consent” phrase is to cover OOBC. A party may have obtained consent elsewhere but has not for some reason used the UGE. For example they might have an authentication cookie after a login (and they explained during the login that consent was being given for cross-context tracking). If they use the UGE they get DNT:0 anyway so this section does not apply.

Mike

> -----Original Message-----
> From: Dobbs, Brooks [mailto:Brooks.Dobbs@kbmg.com]
> Sent: 24 June 2014 21:18
> To: Alan Chapell; Walter van Holst; public-tracking@w3.org
> Subject: Re: ISSUE-219 (context separation)
>
> Question…
> Just for purpose of mental processing isn’t this statement more succinctly
> written.
> "the third party MUST NOT use data gathered in another context about the
> user.”
>
> Adding “other than with their explicit consent” adds nothing substantive
> as I can’t imagine the compliance spec is ever meant to undermine the
> explicit consent of the user
> And adding “or for permitted uses as described within this
> recommendation” also is just fluff as there shouldn’t be a case where
> permitted uses aren’t explicitly permitted
>
> Just to be clear, and per Alan’s comment, I would read that simpler text
> to mean that a 3rd party couldn’t use data collected in a 1st party
> context, but it isn’t clear that a 1st party who later appears in a 3rd
> party context couldn’t use data?
>
> -Brooks
>
> --
>
> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
> Wunderman Network
> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
> brooks.dobbs@kbmg.com
>
> This email including attachments may contain confidential information.
> If you are not the intended recipient,
> do not copy, distribute or act on it. Instead, notify the sender
> immediately and delete the message.
>
> On 6/24/14, 3:52 PM, "Alan Chapell" <achapell@chapellassociates.com> wrote:
>
> >Hi Walter -
> >
> >This language doesn't seem to address a first party acting in a third
> >party context. Was that by design?
> >
> >I strongly support re-inserting the language around first parties not
> >being able to use data outside the Context in which it was collected.
> >
> >Alan
> >
> >On 6/24/14 3:29 PM, "Walter van Holst" <walter.van.holst@xs4all.nl> wrote:
> >
> >>On 24/06/2014 17:57, Ninja Marnau wrote:
> >>> Hi John, hi Mike,
> >>>
> >>> we will probably start a Call for objections on the topic of context
> >>> separation this week. Could you take a look at Walter's proposal to see
> >>> whether it does reflect your text for data append and first parties: "A
> >>> Party MUST NOT use data gathered while a 1st Party when operating as a
> >>> 3rd Party."
> >>>
> >>> Here is the link to Walter's text:
> >>>
> >>> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_any_type_of_party
> >>>
> >>
> >>Mike, John and I have had a fruitful discussion, which resulted in a
> >>more precise wording of what I wanted to achieve and I have updated the
> >>text accordingly to:
> >>
> >>"... the third party MUST NOT use data gathered in another context about
> >>the user, other than with their explicit consent or for permitted uses
> >>as defined within this recommendation."
> >>
> >>I feel this is a make-or-break issue for the compliance specification
> >>which on top of the privacy issue also has competition implications. A
> >>strong separation between 1st and 3rd party roles is a must for this
> >>compliance specification to be credible.
> >>
> >>Regards,
> >>
> >> Walter
Received on Tuesday, 24 June 2014 21:32:40 UTC