Re: ISSUE-219 (context separation) from Ninja Marnau on 2014-06-19 (public-tracking@w3.org from June 2014)

From: Ninja Marnau <ninja@w3.org>
Date: Fri, 20 Jun 2014 00:07:49 +0200
To: John Simpson <john@consumerwatchdog.org>, Mike O'Neill <michael.oneill@baycloud.com>
CC: Justin Brookman <jbrookman@cdt.org>, W3C DNT Working Group Mailing List <public-tracking@w3.org>
Message-ID: <53A35F35.6070300@w3.org>

John, Mike, I changed your text proposal for first parties and data 
append, taking down the requirement: "A Party MUST NOT use data gathered 
while a 1st Party when operating as a 3rd Party.”

As Justin said, it is easier for the group to discuss this only in one 
place: ISSUE-219.

Can I ask you to take a look, whether you can live with Walter's text 
proposal or would like to suggest friendly amendments? Here is the 
pointer to Walter's text: 
https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_any_type_of_party

Ninja

Am 19.06.14 21:44, schrieb Justin Brookman:
> My apologies John, I didn't notice that your language was designed to 
> address both issues.  Thank you for drawing attention to that!
>
> I'd like to separate the two issues out, so I'm going to remove that 
> sentence from the proposal in the call for objections.  If you think 
> Walter's language on 219 is sufficient to accomplish the same thing, 
> then we can just go with his language.  If you want to propose a 
> friendly amendment to Walter's (or argue to replace his with yours), 
> then you can do that too.  But I don't think we should conflate 170 
> and 219 --- I should have noted that earlier.
>
> On Jun 19, 2014, at 3:40 PM, John Simpson <john@consumerwatchdog.org 
> <mailto:john@consumerwatchdog.org>> wrote:
>
>> Hi Justin,
>>
>>
>> I’m confused here. My proposal not to allow data append, now subject 
>> of a call for objections, includes language that would prevent using 
>> data gathered as a 1st party when you are a third party:
>>
>> "When DNT:1 is received:
>>
>> "A 1st Party MUST NOT combine or otherwise use identifiable data 
>> received from another party with data it has collected while a 1st Party.
>>
>> "A 1st Party MUST NOT share identifiable data with another party 
>> unless the data was provided voluntarily by, or necessary to supply a 
>> service explicitly requested by, the user.
>>
>> "*A Party MUST NOT use data gathered while a 1st Party when operating 
>> as a 3rd Party.*
>>
>> "A 1st Party MAY elect further restrictions on the collection or use 
>> of such data."
>>
>>
>> Regards,
>> John
>>
>>
>>
>> On Jun 19, 2014, at 9:47 AM, Justin Brookman <jbrookman@cdt.org 
>> <mailto:jbrookman@cdt.org>> wrote:
>>
>>> As we discussed on the call this week, we are narrowing in on two 
>>> options on how to deal with first parties using their data in 
>>> different, third-party contexts under Do Not Track.
>>>
>>> The current proposals are to stay silent on the issue --- 
>>> effectively permitting first parties to use data in third-party 
>>> contexts.
>>>
>>> The second option, proposed by Walter van Holst, proposes new 
>>> language and would prohibit third parties from personalizing content 
>>> based on old first-party data.  His amendment states that when a 
>>> third party receives a DNT:1 signal,
>>>
>>> the third party MUST NOT use data about previous network 
>>> interactions outside of the permitted uses as defined within this 
>>> recommendation and any explicitly-granted exceptions, provided in 
>>> accordance with the requirements of this recommendation.
>>>
>>> If anyone has a friendly amendment to Walter's language, please 
>>> propose it!  Otherwise, we will go to a call for objection on this 
>>> issue next week.
>>>
>>
>

Received on Thursday, 19 June 2014 22:08:23 UTC