- From: Justin Brookman <justin@cdt.org>
- Date: Wed, 08 Feb 2012 10:16:06 -0500
- To: public-tracking@w3.org
- Message-ID: <4F3291B6.5060405@cdt.org>
I think Sean's restatement of the issue is a bit ambiguous. The key question is not whether a first party can alter its own websites and advertising on those sites based on data it collected as a first party. It's about whether they can then leverage that data when they're in a third-party environment. I was tasked with writing up language on this in Brussels, but upon reflection, my vision is already allowed for in the text: a third-party may customize content or advertising on other sites based on data it had collected as a first-party. Thus, Yahoo! can serve ads on the New York Times based on what I had done on the Yahoo! site (or registration information I had provided to Yahoo!) and Facebook can tell me what my friends like in a social widget when I go to the WashingtonPost.com --- as long as neither collects the fact that I went to NYT or WaPo (apart from exceptions like ad reporting, fraud, analytics) and certainly does not add that information to a profile about me. The language in the draft currently allows for this. However, I will try to put together some non-normative language on this today to make it clear. I have heard the argument that this unduly favors first-party sites who have a lot of user data, but I also think the privacy implications are dramatically reduced when ads are influenced based on data that a party already has about you. Shane, you had seemed to disagree with this idea in Brussels, so if you want to put forward a countersuggestion that's fine. Alternatively, Tom had disagreed on one of the calls that Facebook should be allowed to personalize content based on data it had collected as a first-party, so he may want to proffer another suggestion. I could see a stronger argument against allowing Yahoo! to use passively-collected data about what I read on the Yahoo! site rather than using affirmatively provided info, but I personally wouldn't draw the line there. It's also possible this issue is currently being discussed elsewhere on the mailing list, but I have not remotely been able to keep up. Justin Brookman Director, Consumer Privacy Center for Democracy& Technology 1634 I Street NW, Suite 1100 Washington, DC 20006 tel 202.407.8812 fax 202.637.0969 justin@cdt.org http://www.cdt.org @CenDemTech @JustinBrookman On 2/6/2012 10:10 AM, Shane Wiley wrote: > > And the proposed answer, "YES", as this appears to capture the 1^st > party exception cleanly and we have other statements that disallow a > 1^st party from sharing information with 3^rd parties when DNT:1. > > - Shane > > *From:*Sean Harvey [mailto:sharvey@google.com] > *Sent:* Sunday, February 05, 2012 5:27 PM > *To:* public-tracking@w3.org Group WG > *Subject:* ACTION-69: Renaming ISSUE-54 > > Hi all, apologies for the delay in submitting my action item. > > ISSUE-54 is intended to get at the question of whether or not a first > party is allowed to leverage their own data, including registration > data provided by the user at a previous time, in the context of a DNT > header being ON. > > Keep in mind I am not intending to provide an answer, only to more > appropriately rename the topic. > > In light of this I propose the Issue be renamed: > > "Can first parties customize their own websites or advertising based > on their own user data when a DNT header is ON?" >
Received on Wednesday, 8 February 2012 15:19:24 UTC