Re: first-party third-party from Rob Sherman on 2015-12-10 (public-tracking@w3.org from December 2015)

From: Rob Sherman <robsherman@fb.com>
Date: Thu, 10 Dec 2015 05:08:51 +0000
To: "Mike O'Neill" <michael.oneill@btinternet.com>, "public-tracking@w3.org" <public-tracking@w3.org>
CC: "'Nick Doty'" <npdoty@w3.org>
Message-ID: <D28E7161.9FEE5%robsherman@fb.com>

Mike,

I’m not sure that this text helps clarify, and it seems in some ways inconsistent with other provisions of the text that have been agreed upon by the Working Group.  For example, your proposal specifies that there can only be a single first party in a particular network interaction, whereas Section 2.7 envisions that in some cases there may be multiple first parties to a given network interaction.  Likewise, the standard you specify below (“the entity that a user deliberately intended, in any particular action, to interact with”) is different from the language that’s specified in the agreed-upon text.  I don’t think it’s necessary or appropriate to redefine these terms, especially after so much detailed discussion of these issues over the years within the Working Group — and I worry that doing so in this way could introduce multiple definitions, which could increase confusion rather than solve it.

If I’m understanding correctly, the main misunderstanding is that some people who haven’t been actively involved in our discussions may believe that the terms “first party” and “third party” are intended to characterize the business practices of particular entities as a whole, rather than to describe their roles in a particular network interaction.  Would making just that clarification in non-normative text help address the concern without reopening the substantive issue?

Rob


Rob Sherman
Facebook | Deputy Chief Privacy Officer
1299 Pennsylvania Avenue, NW | Suite 800 | Washington, DC 20004 | 202.370.5147

From: Mike O'Neill <michael.oneill@btinternet.com<mailto:michael.oneill@btinternet.com>>
Date: Thursday, November 26, 2015 at 9:50 AM
To: "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Cc: Nicholas Doty <npdoty@w3.org<mailto:npdoty@w3.org>>
Subject: first-party third-party
Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Thursday, November 26, 2015 at 9:51 AM

Here is some text aiming to clear up the evident misunderstandings about parties. It could go in the introduction of the TCS or in the Compliance paragraph

For the sake of clarity, a first party, as defined in the Definitions section of this document, is the entity that a user deliberately intended, in any particular action, to interact with. Other entities, whether or not they manage servers receiving DNT signals as part of that interaction, are third parties to that user action. The terms “first party” and “third party” is not meant to indicate a particular type of entity but only to differentiate between those that a user intended to interact with, and those they did not.

Received on Thursday, 10 December 2015 05:09:19 UTC