- From: Don Marti <notifications@github.com>
- Date: Mon, 15 Mar 2021 10:52:21 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/342/799621384@github.com>
In many cases, two domains may be owned by the same corporate entity, but branded in a sufficiently different way that the web user is not aware that they are part of the same "set." Some high-profile examples are * [Most U.S. Adults Don't Know That Instagram, WhatsApp Owned by Facebook - Variety](https://variety.com/2019/digital/news/facebook-owns-instagram-survey-pew-americans-1203364905/) * [LVMH](https://www.lvmh.com/) is a single company that owns "75 distinguished Houses" most of which are long-established famous brands with distinct histories and reputations. Common domain ownership as a standard is likely to produce surprising results in the handling of individuals' sensitive data. (The same user might shop on one LVMH domain for gifts for their spouse, and from another domain for gifts for a co-worker.) Existing browser entity sets are inconsistent in their treatment of commonly owned domains, and there is no recognized standard for when the user-visible terms and UX are adequate for considering domains as part of the same set. It would be more appropriate to look at common privacy policy and user-visible site design and branding to determine if domains could be treated as part of a set by the browser: Some possible criteria: https://github.com/privacycg/first-party-sets/issues/14#issuecomment-797191058 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/342#issuecomment-799621384
Received on Monday, 15 March 2021 17:52:33 UTC