- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Thu, 10 Dec 2015 14:29:40 -0000
- To: "'Rob Sherman'" <robsherman@fb.com>, <public-tracking@w3.org>
- Cc: "'Nick Doty'" <npdoty@w3.org>
- Message-ID: <031701d13357$350beb80$9f23c280$@baycloud.com>
Thanks Rob, I agree the idea is to clarify the distinction rather than reopen the issue. One problem is the definition of Party refers to entities while First Party and Third Party refer to roles. ( A Service Provider is acting in the role of its contractee in the particular network interaction). How about the following (I have taken your suggested wording and formatted it to be added as non-normative text to the Party definition, and renumbered the paragraphs describing dependant definitions): 2.5 Party A party is a natural person, a legal entity, or a set of legal entities that share common owner(s), common controller(s), and a group identity that is easily discoverable by a user. Common branding or providing a list of affiliates that is available via a link from a resource where a party describes DNT practices are examples of ways to provide this discoverability.[no change] When data pertaining to a user’s actions is collected as a result of one or more network interactions a Party acts in one of three roles defined below, i.e. as a Service Provider, as a First Party or as a Third Party. These terms are not meant to denote the business practices of entities as a whole, but rather to describe a party’s role in a particular network interaction. In each interaction an origin server (controlled by a Party) determines in which of these roles it is operating and follows the relevant procedures described under [Server Compliance] 2.5.1 Service Provider [same Definition as existing 2.6] 2.5.2 First Party [same Definition as existing 2.7] 2.5.3 Third Party [same Definition as existing 2.8] From: Rob Sherman [mailto:robsherman@fb.com] Sent: 10 December 2015 05:09 To: Mike O'Neill <michael.oneill@btinternet.com>; public-tracking@w3.org Cc: 'Nick Doty' <npdoty@w3.org> Subject: Re: first-party third-party Mike, I’m not sure that this text helps clarify, and it seems in some ways inconsistent with other provisions of the text that have been agreed upon by the Working Group. For example, your proposal specifies that there can only be a single first party in a particular network interaction, whereas Section 2.7 envisions that in some cases there may be multiple first parties to a given network interaction. Likewise, the standard you specify below (“the entity that a user deliberately intended, in any particular action, to interact with”) is different from the language that’s specified in the agreed-upon text. I don’t think it’s necessary or appropriate to redefine these terms, especially after so much detailed discussion of these issues over the years within the Working Group — and I worry that doing so in this way could introduce multiple definitions, which could increase confusion rather than solve it. If I’m understanding correctly, the main misunderstanding is that some people who haven’t been actively involved in our discussions may believe that the terms “first party” and “third party” are intended to characterize the business practices of particular entities as a whole, rather than to describe their roles in a particular network interaction. Would making just that clarification in non-normative text help address the concern without reopening the substantive issue? Rob Rob Sherman Facebook | Deputy Chief Privacy Officer 1299 Pennsylvania Avenue, NW | Suite 800 | Washington, DC 20004 | 202.370.5147 From: Mike O'Neill <michael.oneill@btinternet.com <mailto:michael.oneill@btinternet.com> > Date: Thursday, November 26, 2015 at 9:50 AM To: "public-tracking@w3.org <mailto:public-tracking@w3.org> " <public-tracking@w3.org <mailto:public-tracking@w3.org> > Cc: Nicholas Doty <npdoty@w3.org <mailto:npdoty@w3.org> > Subject: first-party third-party Resent-From: <public-tracking@w3.org <mailto:public-tracking@w3.org> > Resent-Date: Thursday, November 26, 2015 at 9:51 AM Here is some text aiming to clear up the evident misunderstandings about parties. It could go in the introduction of the TCS or in the Compliance paragraph For the sake of clarity, a first party, as defined in the Definitions section of this document, is the entity that a user deliberately intended, in any particular action, to interact with. Other entities, whether or not they manage servers receiving DNT signals as part of that interaction, are third parties to that user action. The terms “first party” and “third party” is not meant to indicate a particular type of entity but only to differentiate between those that a user intended to interact with, and those they did not.
Received on Thursday, 10 December 2015 14:30:15 UTC