- From: Dobbs, Brooks <Brooks.Dobbs@kbmg.com>
- Date: Wed, 25 Jun 2014 13:24:30 +0000
- To: Mike O'Neill <michael.oneill@baycloud.com>, 'Alan Chapell' <achapell@chapellassociates.com>, 'Walter van Holst' <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
I have that, but when does OOBC not override a compliance requirement? Assuming OOBC trumps any requirement, which I can¡¯t think of an argument why it wouldn¡¯t, I¡¯m still not sure what this adds? -- Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com brooks.dobbs@kbmg.com This email ¡© including attachments ¡© may contain confidential information. If you are not the intended recipient, do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message. On 6/24/14, 5:32 PM, "Mike O'Neill" <michael.oneill@baycloud.com> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hi Brooks, > >The ¡°other than with their explicit consent¡± phrase is to cover OOBC. A >party may have obtained consent elsewhere but has not for some reason >used the UGE. For example they might have an authentication cookie after >a login (and they explained during the login that consent was being given >for cross-context tracking). > >If they use the UGE they get DNT:0 anyway so this section does not apply. > > >Mike > > >> -----Original Message----- >> From: Dobbs, Brooks [mailto:Brooks.Dobbs@kbmg.com] >> Sent: 24 June 2014 21:18 >> To: Alan Chapell; Walter van Holst; public-tracking@w3.org >> Subject: Re: ISSUE-219 (context separation) >> >> Question¡¦ >> Just for purpose of mental processing isn¡¯t this statement more >>succinctly >> written. >> "the third party MUST NOT use data gathered in another context about the >> user.¡± >> >> Adding ¡°other than with their explicit consent¡± adds nothing substantive >> as I can¡¯t imagine the compliance spec is ever meant to undermine the >> explicit consent of the user >> And adding ¡°or for permitted uses as as described within this >> recommendation¡± also is just fluff as there shouldn¡¯t be a case where >> permitted uses aren¡¯t explicitly permitted¡± >> >> Just to be clear, and per Alan¡¯s comment, I would read that simpler text >> to mean that a 3rd party couldn¡¯t use data collected in a 1st party >> context, but it isn¡¯t clear that a 1st party who later appears in a 3rd >> party context couldn¡¯t use data? >> >> -Brooks >> >> >> >> >> -- >> >> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the >> Wunderman Network >> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com >> brooks.dobbs@kbmg.com >> >> >> >> This email ¡© including attachments ¡© may contain confidential >>information. >> If you are not the intended recipient, >> do not copy, distribute or act on it. Instead, notify the sender >> immediately and delete the message. >> >> >> >> On 6/24/14, 3:52 PM, "Alan Chapell" <achapell@chapellassociates.com> >>wrote: >> >> >Hi Walter - >> > >> >This language doesn't seem to address a first party acting in a third >> >party context. Was that by design? >> > >> >I strongly support re-inserting the language around first parties not >> >being able to use data outside the Context in which it was collected. >> > >> >Alan >> > >> > >> > >> > >> > >> >On 6/24/14 3:29 PM, "Walter van Holst" <walter.van.holst@xs4all.nl> >>wrote: >> > >> >>On 24/06/2014 17:57, Ninja Marnau wrote: >> >>> Hi John, hi Mike, >> >>> >> >>> we wil probably start a Call for objections on the topic of context >> >>> separation this wee. Could you take a look at Walter's proposal to >>see >> >>> whether it does reflect your text for data append and first >>parties: "A >> >>> Party MUST NOT use data gathered while a 1st Party when operating >>as a >> >>> 3rd Party.©÷ >> >>> >> >>> Here is the link to Walter's text: >> >>> >> >>>https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_ >> use_ >> >>>i >> >>>>>n_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_an >> y_ >> >>>t >> >>>ype_of_party >> >>> >> >> >> >>Mike, John and I have had a fruitful discussion, which resulted in a >> >>more precise wording of what I wanted to achieve and I have updated >>the >> >>text accordingly to: >> >> >> >>"... the third party MUST NOT use data gathered in another context >>about >> >>the user, other than with their explicit consent or for permitted uses >> >>as defined within this recommendation." >> >> >> >>I feel this is a make-or-break issue for the compliance specification >> >>which on top of the privacy issue also has competition implications. A >> >>strong separation between 1st and 3rd party roles is a must for this >> >>compliance specification to be credible. >> >> >> >>Regards, >> >> >> >> Walter >> >> >> >> >> >> >> > >> > >> > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.13 (MingW32) >Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/ >Charset: utf-8 > >iQEcBAEBAgAGBQJTqe5XAAoJEHMxUy4uXm2JHzYH/3+jrRayXscseCJ0XyuXPpIl >fikzAyiCMX9atxGhn9LKQhFgVdlOWsAn1sxA/MZswUPUEJt99pyM17u0YZ0NSGQk >b840KLJuRyDOXwdfnnsw9V52zkiP80PROG5YtVi7jaRVAOTGkikHS4AiIYakem73 >ImNNkkYzgKWNmROPia28qRkisA7mS177KhoX7iFYozRpIX86L3FMRcW44vxnDufB >FmEF+qDRfE6Qre8OU9eJnwy5j+SQphIvKQaQzUc15D9hkOCGIuGw1YIYZTvnWz8h >WFNr/zmGkaPluj9tl6GRJ3gu4SvpN1pUfmPYiOU/GYPFFndnyRSUVQt5v5fSEcc= >=CJIz >-----END PGP SIGNATURE----- >
Received on Wednesday, 25 June 2014 13:25:00 UTC