Re: [ISSUE-5] What is the definition of tracking? from Roy T. Fielding on 2012-03-07 (public-tracking@w3.org from March 2012)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Wed, 7 Mar 2012 12:50:11 -0800
To: JC Cannon <jccannon@microsoft.com>
Cc: Jonathan Mayer <jmayer@stanford.edu>, Chris Pedigo <CPedigo@online-publishers.org>, Tracking Protection Working Group WG <public-tracking@w3.org>
Message-Id: <C133F089-7E43-4362-8267-6509DADE00A2@gbiv.com>

On Mar 7, 2012, at 9:00 AM, JC Cannon wrote:

> If the statement only applies to third parties it should be so stated. I just want to avoid confusion.

I fully intend the definition of tracking to apply to all parties,
because that is how a user would interpret the term.  It enables
a first-party site to say to the user "I am tracking you on this site
but it is limited to this context and the data is not shared with
third-parties except as limited by outsourcing."

Such a statement can be the basis for prior, specific, and informed
consent, which is what the EU regulators require of all parties performing
tracking (not just third-parties).  It is also consistent with the
option as defined in current browsers.  And it allows for transparency
in the tracking status response.

The exemption for first party sites is defined by the clauses for
"Do Not Track", since that can be defined in a specific way that
acknowledges that the user has requested a service from the
first-party and that service is allowed to perform tracking,
which is reflected in the tracking status resource.

I categorically reject that any informed consent is possible without
a definition of tracking.  I can live with a standard that only covers
third-party tracking if that is the scope we all agree to address,
but I had the exact opposite reaction from my last proposal.

....Roy

Received on Wednesday, 7 March 2012 20:50:35 UTC