RE: ISSUE-219 (context separation)

Sure, if it is redundant and nobody else wants it in, I am fine with taking it out (the stuff about exceptions is redundant also). I think there should be some mention of OOBC in the TCS (as it's talked about in the TPE), but maybe it should be in the introduction.

What about the permitted use phrase? That could also just be referred to in its own section?

mike

> -----Original Message-----
> From: Dobbs, Brooks [mailto:Brooks.Dobbs@kbmg.com]
> Sent: 25 June 2014 14:25
> To: Mike O'Neill; 'Alan Chapell'; 'Walter van Holst'; public-tracking@w3.org
> Subject: Re: ISSUE-219 (context separation)
> 
> I have that, but when does OOBC not override a compliance requirement?
> Assuming OOBC trumps any requirement, which I can’t think of an argument
> why it wouldn’t, I’m still not sure what this adds?
> --
> 
> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
> Wunderman Network
> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
> brooks.dobbs@kbmg.com
> 
> 
> 
> This email - including attachments - may contain confidential information.
> If you are not the intended recipient,
>  do not copy, distribute or act on it. Instead, notify the sender
> immediately and delete the message.
> 
> 
> 
> On 6/24/14, 5:32 PM, "Mike O'Neill" <michael.oneill@baycloud.com> wrote:
> 
> >Hi Brooks,
> >
> >The “other than with their explicit consent” phrase is to cover OOBC. A
> >party may have obtained consent elsewhere but has not for some reason
> >used the UGE. For example they might have an authentication cookie after
> >a login (and they explained during the login that consent was being given
> >for cross-context tracking).
> >
> >If they use the UGE they get DNT:0 anyway so this section does not apply.
> >
> >
> >Mike
> >
> >
> >> -----Original Message-----
> >> From: Dobbs, Brooks [mailto:Brooks.Dobbs@kbmg.com]
> >> Sent: 24 June 2014 21:18
> >> To: Alan Chapell; Walter van Holst; public-tracking@w3.org
> >> Subject: Re: ISSUE-219 (context separation)
> >>
> >> Question…
> >> Just for purpose of mental processing isn’t this statement more succinctly
> >> written.
> >> "the third party MUST NOT use data gathered in another context about the
> >> user.”
> >>
> >> Adding “other than with their explicit consent” adds nothing substantive
> >> as I can’t imagine the compliance spec is ever meant to undermine the
> >> explicit consent of the user.
> >> And adding “or for permitted uses as described within this
> >> recommendation” also is just fluff as there shouldn’t be a case where
> >> permitted uses aren’t explicitly permitted.
> >>
> >> Just to be clear, and per Alan’s comment, I would read that simpler text
> >> to mean that a 3rd party couldn’t use data collected in a 1st party
> >> context, but it isn’t clear that a 1st party who later appears in a 3rd
> >> party context couldn’t use data?
> >>
> >> -Brooks
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
> >> Wunderman Network
> >> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
> >> brooks.dobbs@kbmg.com
> >>
> >>
> >>
> >> This email - including attachments - may contain confidential information.
> >> If you are not the intended recipient,
> >>  do not copy, distribute or act on it. Instead, notify the sender
> >> immediately and delete the message.
> >>
> >>
> >>
> >> On 6/24/14, 3:52 PM, "Alan Chapell" <achapell@chapellassociates.com> wrote:
> >>
> >> >Hi Walter -
> >> >
> >> >This language doesn't seem to address a first party acting in a third
> >> >party context. Was that by design?
> >> >
> >> >I strongly support re-inserting the language around first parties not
> >> >being able to use data outside the Context in which it was collected.
> >> >
> >> >Alan
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >On 6/24/14 3:29 PM, "Walter van Holst" <walter.van.holst@xs4all.nl> wrote:
> >> >
> >> >>On 24/06/2014 17:57, Ninja Marnau wrote:
> >> >>> Hi John, hi Mike,
> >> >>>
> >> >>> we will probably start a Call for objections on the topic of context
> >> >>> separation this week. Could you take a look at Walter's proposal to see
> >> >>> whether it does reflect your text for data append and first parties: "A
> >> >>> Party MUST NOT use data gathered while a 1st Party when operating as a
> >> >>> 3rd Party."
> >> >>>
> >> >>> Here is the link to Walter's text:
> >> >>>
> >> >>> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_any_type_of_party
> >> >>>
> >> >>
> >> >>Mike, John and I have had a fruitful discussion, which resulted in a
> >> >>more precise wording of what I wanted to achieve and I have updated the
> >> >>text accordingly to:
> >> >>
> >> >>"... the third party MUST NOT use data gathered in another context about
> >> >>the user, other than with their explicit consent or for permitted uses
> >> >>as defined within this recommendation."
> >> >>
> >> >>I feel this is a make-or-break issue for the compliance specification
> >> >>which on top of the privacy issue also has competition implications. A
> >> >>strong separation between 1st and 3rd party roles is a must for this
> >> >>compliance specification to be credible.
> >> >>
> >> >>Regards,
> >> >>
> >> >> Walter
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >> >
> >


Received on Wednesday, 25 June 2014 13:40:51 UTC