ISSUE-32: Sharing of data between entities via cookie syncing / identity brokering

Sharing of data between entities via cookie syncing / identity brokering

State:
PENDING REVIEW
Product:
Compliance Next
Raised by:
Opened on:
2011-09-21
Description:
[The issue is postponed, yet I though it might be good to have the text associated to it]

In an ID brokering procedure a Demand-Side Platform (DSP) aims to match the ID XYZ it assigned to a user in its domain to the ID ABC set by the Supply Side Platform (SSP) for the same User-Agent U. ID brokering can be done via "Cross-origin resource sharing" or through a cookie syncing procedure which requires that the SSP adds a 1x1 pixel from the DSP domain. The SSP has then to pass the string "cookieABC" corresponding to its domain to the DSP through the URL of this 1x1 pixel. The DSP parses the "cookieABC" in the URL and associates it to the cookieXYZ assigned on its domain. Once the cookies have been matched, the DSP will be able to re-target U on the SSP affiliated sites.

The solution consists in not allowing ID brokering when the SSP receives DNT:ON. If it did not, the SSP may start the ID brokering process but the DSP must not synchronize the ID if it received DNT:ON (this may happen if the SSP is granted an exception but not the DSP). The reason is that if the SSP publishes ads on a limited number of websites, the DSP would know that the client visited at least one of these websites.

4.4.2 Normative text

The operator of domain acting as a third party (SSP) on a website and receiving [DNT-ON] must not load content from a second unaffiliated third party domain (DSP) to transmit a user ID to this third party. When a third party receives [DNT-ON] it must ignore any user ID transmitted by an unaffiliated entity acting as a third party.

Note: Both collection and transmission of ID by third parties may be covered by exemptions defined in Section 4.5.
Related Actions Items:
Related emails:
  1. Batch closing of old issues (from jbrookman@cdt.org on 2015-03-24)
  2. Agenda for May 22 call (from peter@peterswire.net on 2013-05-21)
  3. issue and action cleanup proposals (from npdoty@w3.org on 2013-05-15)
  4. RE: Propose to close issue-32 (Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering) (from Vincent.Toubiana@alcatel-lucent.com on 2012-11-14)
  5. Re: Agenda for 14 November 2012 call (from tlr@w3.org on 2012-11-14)
  6. Propose to close issue-32 (Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering) (from tlr@w3.org on 2012-11-13)
  7. RE: Proposed agenda for Amsterdam F2F on October 03-05, 2012 (from wileys@yahoo-inc.com on 2012-09-23)
  8. Proposed agenda for Amsterdam F2F on October 03-05, 2012 (from mts-std@schunter.org on 2012-09-21)
  9. Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from sharvey@google.com on 2012-03-22)
  10. RE: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from wileys@yahoo-inc.com on 2012-03-21)
  11. RE: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2012-03-21)
  12. RE: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from wileys@yahoo-inc.com on 2012-03-21)
  13. RE: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2012-03-21)
  14. Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from sharvey@google.com on 2012-03-21)
  15. RE: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2012-03-21)
  16. Agenda for 2012-Mar-21 call (from aleecia@aleecia.com on 2012-03-21)
  17. RE: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2012-02-16)
  18. Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from sharvey@google.com on 2012-02-16)
  19. Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from sharvey@google.com on 2012-02-16)
  20. Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from aleecia@aleecia.com on 2012-02-15)
  21. Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from aleecia@aleecia.com on 2012-02-15)
  22. RE: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from wileys@yahoo-inc.com on 2012-02-12)
  23. Re: [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from rob@blaeu.com on 2012-02-12)
  24. [Action-106][Issue-32] Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2012-02-08)
  25. RE: Issue-32, Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2011-12-22)
  26. RE: Issue-32, Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2011-12-22)
  27. Re: Issue-32, Sharing of data between entities via cookie syncing / identity brokering (from derhoermi@gmx.net on 2011-12-22)
  28. RE: Issue-32, Sharing of data between entities via cookie syncing / identity brokering (from jccannon@microsoft.com on 2011-12-21)
  29. RE: Issue-32, Sharing of data between entities via cookie syncing / identity brokering (from wileys@yahoo-inc.com on 2011-12-21)
  30. Issue-32, Sharing of data between entities via cookie syncing / identity brokering (from Vincent.Toubiana@alcatel-lucent.com on 2011-12-21)
  31. Re: Compliance issues (from john@consumerwatchdog.org on 2011-12-07)
  32. Compliance issues (from aleecia@aleecia.com on 2011-12-06)
  33. Next steps on compliance issues (from aleecia@aleecia.com on 2011-12-03)
  34. ISSUE-32: Sharing of data between entities via cookie syncing / identity brokering (from sysbot+tracker@w3.org on 2011-09-21)

Related notes:

As per call and proposed by Aleecia, postpone this until we resolve the question of service providers.

Nick Doty, 21 Mar 2012, 16:56:11

[rigo]: This has a relation to the transitive permissions coming out of the first party getting permissions for its third parties. Shane offered the interpretation that permitted uses of financial and audit recording would allow all data exchanges needed to use an ad auction system. The participants of the auction would use all the data coming from the first party under financial and audit. Rigo expressed the opinion that this is stretching the semantic content

4 Oct 2012, 10:51:51

During issue cleanup, marked as Pending Review Stable. We have a text proposal here, although not sure it's necessary.

Nick Doty, 29 May 2013, 01:58:26

Display change log ATOM feed


Matthias Schunter <matthias.schunter@intel.com>, Chair, Bert Bos <bert@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.325 2014-09-10 21:42:02 ted Exp $