- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 6 Mar 2002 09:25:29 -0500
- To: "Chris Jensen" <cjensen@corp.classmates.com>, <www-p3p-policy@w3.org>
The intent behind the 2.3.2.7 text about data linked via a cookie is to make sure that sites disclose the data practices enabled by a cookie. If the spec limited disclosures to just the data stored in a cookie, most cookies would be labelled simply as storing a unique identifier. This doesn't tell the user very much. The important information is what this identifier gets linked to, and the resulting actions that may be taken. For example, I may not mind if a site uses cookies to monitor my browsing behavior and serve me customized content or ads. But if the cookies that are used to link to gether information about my web browsing in turn get linked to a database with my personally identifiable information, I might object, because I don't want my browsing behavior linked to my name. What data is contained in the cookie vs. in the linked databases, and whether or not any of it is encrypted does not matter from the perspective of trying to figure out what the cookie is actually enabling. Does this help make things clearer? Lorrie
Received on Wednesday, 6 March 2002 09:26:32 UTC