Re: ISSUE-219 (context separation)

Hi Justin,


I’m confused here. My proposal not to allow data append, now subject of a call for objections, includes language that would prevent using data gathered as a 1st party when you are a third party:

"When DNT:1 is received:

"A 1st Party MUST NOT combine or otherwise use identifiable data received from another party with data it has collected while a 1st Party.

"A 1st Party MUST NOT share identifiable data with another party unless the data was provided voluntarily by, or necessary to supply a service explicitly requested by, the user.

"A Party MUST NOT use data gathered while a 1st Party when operating as a 3rd Party.

"A 1st Party MAY elect further restrictions on the collection or use of such data."


Regards,
John



On Jun 19, 2014, at 9:47 AM, Justin Brookman <jbrookman@cdt.org> wrote:

> As we discussed on the call this week, we are narrowing in on two options on how to deal with first parties using their data in different, third-party contexts under Do Not Track.
> 
> The current proposals are to stay silent on the issue --- effectively permitting first parties to use data in third-party contexts.
> 
> The second option, proposed by Walter van Holst, proposes new language and would prohibit third parties from personalizing content based on old first-party data.  His amendment states that when a third party receives a DNT:1 signal, 
> 
> the third party MUST NOT use data about previous network interactions outside of the permitted uses as defined within this recommendation and any explicitly-granted exceptions, provided in accordance with the requirements of this recommendation.
> 
> If anyone has a friendly amendment to Walter's language, please propose it!  Otherwise, we will go to a call for objection on this issue next week.
>