- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Thu, 30 Aug 2012 18:00:18 -0700
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: rob@blaeu.com, public-tracking@w3.org
- Message-ID: <34E1E89A2B974F4FA2266B52C907A010@gmail.com>
Roy, A number of participants have articulated use cases for a service provider flag. There was extensive discussion of the topic on the final day in Bellevue. Proposed use cases have largely focused on transparency for users, researchers, and policymakers, much like the use cases for a third-party flag. I'm not aware of any mainstream user agent that intends to "discriminate against service providers" that honor Do Not Track. I very much appreciate your candor about Adobe's interests. I understand why a prolific service provider might not want to identify itself, and I'm aware that Adobe often uses domain aliases (e.g. metrics.apple.com) in part for those reasons. I think the next step should be text proposals and a straw poll. If we have consensus either way, great. If not, on to the written objection process. Best, Jonathan On Thursday, August 30, 2012 at 4:19 PM, Roy T. Fielding wrote: > On Aug 30, 2012, at 1:39 PM, Rob van Eijk wrote: > > > We are dealing with entities processing data on behalf of multiple first parties for a myriad of purposes. > > No, we are dealing with one or more entities processing data for > one first party, for the purpose given by that first party, > with only a single data controller being responsible. Otherwise, > the service provider case would not be applicable. > > > Since Issue 137 is a TPE issue, why not use the technical argument of machine-readable identification of service providers at the moment they are processing data on behalf of the first party? If the argument is that a legal policy is close by, you avoid a technical solution. Isn't the task at hand in the TPE to contribute to transparancy on a HTTP transaction level? > > We already have contributed to transparency by identifying the > first party (data controller) and agreeing to adhere to the > constraints that prevent a service provider from being a joint > controller. Those are real privacy concerns, so we addressed > them in the spec. > > What is requested in ISSUE-137 is that we wear a scarlet letter S > while performing services on behalf of our customers, while > collecting the same data, processing it for the same purpose, > and with the same level of confidentiality as the large > conglomerates that do not rely on service providers. > > If UAs use that information to discriminate against service > providers, then it would provide a market advantage to large > companies that own their own analytics services (including for > Adobe's own web properties). We simply refuse to allow that > opportunity to occur, and will not tolerate it as a requirement. > > There is no privacy concern that justifies such a requirement. > Without that justification, Adobe will not implement it regardless > of the opinions of the rest of the WG. If the WG insists that it > be part of the Recommendation, then Adobe will file a formal > objection, I will exit the group, and not a single implementation > that I am responsible for will ever implement that Rec. > > If the WG can make a formal decision that overrides my objection, > then so be it. Otherwise, the chairs should close the issue and > move on. > > ....Roy
Received on Friday, 31 August 2012 01:00:46 UTC