Re: Issue-22, possible other direction from Shane Wiley on 2017-05-15 (public-tracking@w3.org from May 2017)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Mon, 15 May 2017 21:09:49 +0000 (UTC)
To: Rob van Eijk <rob@blaeu.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <1922745090.2042774.1494882589020@mail.yahoo.com>

Rob,
If a data controller were to provide a link to a list of their 3rd parties in the TSR or to a user more directly during their consent dialogue, would that meet legal obligations?  
otherParty: www.companyxyz.com/3rdparties/list.html
Why does this need to be machine readable if we're taking blocking off the table?  Additionally, since we already allow publishers to only request site specific exceptions for specific 3rd party domains, why is this additional list needed?  We already appear to have all the utility needed to support ad exchange scenarios such that publishers can request consent for only those 3rd party domains they have knowledge of and a contract with - so what does this add?
If these are true:
   - the Data Controller is responsible for the interaction between themselves and the user with respect to consent,   - consent can be obtained by providing a list of specific third parties in human readable form to a user as long as the scope is specific and informed,   - the current standard allows exceptions (consent) to only be provided for a specific list of third parties (wildcards need not be used),   - AND, as a working group we're not attempting to backdoor tracking protection lists for domain blocking
...I'm not seeing the "transparency" value of otherParty.
- Shane Shane Wiley
VP, Privacy
Yahoo

      From: Rob van Eijk <rob@blaeu.com>
 To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org> 
 Sent: Monday, May 15, 2017 12:24 PM
 Subject: FW: Issue-22, possible other direction
   
 FW: Issue-22, possible other direction... including the lsit


-----Original message-----
From: Rob van Eijk
Sent: Monday, May 15 2017, 9:08 pm
To: David Singer; singer@apple.com; Shane Wiley
Cc: Matthias Schunter (Intel Corporation); Roy T. Fielding
Subject: RE: Issue-22, possible other direction

Hi,

I think it may be helpful to go back to the initial consensus [1]. I am not a proponent of an API component in this discussion. I would be happy with a simple, optional (MAY) otherParties property in the TSR that complements the sameParty property. I believe the otherParties property is beneficial for different types of site owners, ranging from non-tracking sites to RTB-driven sites. 

I think we can keep the TPE clean and simple. The aim of the otherParties property is (optional) transparency.

[1] https://lists.w3.org/Archives/Public/public-tracking/2017May/0003.html

Rob
———
PGP id: CC4F3863 [public key]
PGP fingerprint: 1D00 A9FD 7CCB A5A5 850E 2149 BEA0 20B7 CC4F 3863

Social media: @rvaneijk, github, linkedin, ssrn, stackoverflow
———

Received on Monday, 15 May 2017 21:10:26 UTC