Re: ISSUE-219 (context separation)

On 24/06/2014 17:57, Ninja Marnau wrote:
> Hi John, hi Mike,
> 
> we wil probably start a Call for objections on the topic of context
> separation this wee. Could you take a look at Walter's proposal to see
> whether it does reflect your text for data append and first parties: "A
> Party MUST NOT use data gathered while a 1st Party when operating as a
> 3rd Party.”
> 
> Here is the link to Walter's text:
> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Limitations_on_use_in_Third_Party_Context#Proposal_2:_Prohibit_use_of_data_collected_as_any_type_of_party
> 

Mike, John and I have had a fruitful discussion, which resulted in a
more precise wording of what I wanted to achieve and I have updated the
text accordingly to:

"... the third party MUST NOT use data gathered in another context about
the user, other than with their explicit consent or for permitted uses
as defined within this recommendation."

I feel this is a make-or-break issue for the compliance specification
which on top of the privacy issue also has competition implications. A
strong separation between 1st and 3rd party roles is a must for this
compliance specification to be credible.

Regards,

 Walter

Received on Tuesday, 24 June 2014 19:29:45 UTC