Re: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current] from David Wainberg on 2013-10-04 (public-tracking@w3.org from October 2013)

From: David Wainberg <dwainberg@appnexus.com>
Date: Fri, 4 Oct 2013 08:37:06 -0400
To: Mike O'Neill <michael.oneill@baycloud.com>
CC: 'Walter van Holst' <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>, 'Rob Sherman' <robsherman@fb.com>
Message-ID: <524EB672.2050109@appnexus.com>

Hi Mike,

On 2013-10-04 6:44 AM, Mike O'Neill wrote:
> David,
>
> IMO people have already decided what Do Not Track means (the clue is in the name), and with >20% downloading ad & cookie blockers, regularly purging cookies etc. a significant proportion are already expressing that preference.
Yes, that's your opinion -- you've decided what DNT means. We shouldn't 
assume anyone or everyone else has, especially when most people do not 
understand the details of how the Internet works. And I don't know that 
ad blocking and cookie blocking tells us much about what DNT should mean 
-- only that users have some concerns. Are they concerned with NSA 
spying or visually intrusive ads or something else?

> A far better option is to respect this with a clear commitment not to retain tracking data (unique ids, fingerprints etc.) , and building trust through the UGE mechanism (consent).
>
> The added value created by individual personalisation (beyond what you could get with low entropy cookies), could be part of the conversation to justify tracking. Isn't that what the deal is supposed be anyway?
I think we've seen in the past that asking users to give consent over 
and over and over is not a good model. It irritates users, desensitizes 
them to the choice (since they just want their content), and it 
incentivizes overly broad consents. A good opt-out is better than a bad 
opt-in.

Also, someone made the point on the call this week that we might 
distinguish personalization from tailoring or customization, since in 
many (or most) cases, it's not personal to the user (no PII). I like 
that distinction.

Best,

David
>
> Mike
>
>
> -----Original Message-----
> From: David Wainberg [mailto:dwainberg@appnexus.com]
> Sent: 03 October 2013 20:16
> To: Mike O'Neill
> Cc: 'Walter van Holst'; public-tracking@w3.org; Rob Sherman
> Subject: Re: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current]
>
> Mike,
>
> On 2013-10-03 7:20 AM, Mike O'Neill wrote:
>> If a user sees personalisation when they have explicitly requested not to be tracked they will assume their wishes are being ignored, and this will damage the credibility of Do Not Track.
> I disagree. I realize it will be a challenge to get right, but since users will be educated about what DNT does or does not do before they make the choice to turn it on, they'll understand that any post-DNT:1 personalization they're seeing is being done in accordance with the DNT rules, and so with limited data retention. In fact, users could come to understand it as a great benefit: they get the personalization, but without their browsing history being accumulated and retained.
>
> Best,
>
> -David
>
>
>

Received on Friday, 4 October 2013 12:37:30 UTC