Issue-32, Sharing of data between entities via cookie syncing / identity brokering from TOUBIANA, VINCENT (VINCENT) on 2011-12-21 (public-tracking@w3.org from December 2011)

From: TOUBIANA, VINCENT (VINCENT) <Vincent.Toubiana@alcatel-lucent.com>
Date: Wed, 21 Dec 2011 15:10:58 +0100
To: "public-tracking@w3.org" <public-tracking@w3.org>
CC: "aleecia@aleecia.com" <aleecia@aleecia.com>
Message-ID: <4D30AC7C2C82C64580A0E798A171B44448888A7EC6@FRMRSSXCHMBSD1.dc-m.alcatel-lucent.c>

Proposed language:
"The operator of third-party domain acting as a Supply Side Platform (SSP) receiving [DNT-ON] MAY start a cookie syncing procedure (i.e. transmit its segment ID  to DSP) but MUST NOT retain information related to the communication initiated by the User-Agent or any resulting communication.
A third party acting as a Demand-Side Platform (DSP) receiving [DNT-ON] during a cookie syncing procedure MUST NOT collect, use or retain any information related to that communication."

Background:
In a cookie syncing procedure a Demand-Side Platform (DSP) aim to match a cookieXYZ (corresponding to its domain) to the cookieABC set by the Supply Side Platform (SSP) for the same User-Agent U. Cookie syncing requires that the SSP adds a 1x1 pixel from the DSP domain. The SSP has to pass the string "cookieABC" corresponding to ids domain to the DSP through the URL of this 1x1 pixel. The DSP parses the "cookieABC" in the URL and associates it to the cookieXYZ for its domain. Once the cookies have been matches, the DSP will be able to re-target U on the SSP affiliated sites.

Alternative:
I tried propose a draft that would not break cookie syncing when the DSP has been granted an exemption while the SSP hasn't. If this approach does not work, a simpler solution is to prohibit cookie syncing when the third party receives DNT:ON.

Received on Wednesday, 21 December 2011 14:11:44 UTC