- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 02 Nov 2011 09:05:05 -0700
- To: John Simpson <john@consumerwatchdog.org>
- Cc: public-tracking@w3.org, Jonathan Mayer <jmayer@stanford.edu>
John, in a hallway conversation, Matthias expressed the idea that higher data minimization would allow for a more relaxed view on the silo or sharing things etc. Another things is that we could try to define retention limitations before aggregation and relax the rule on what a third party is. Creativity is needed. Best, Rigo On Tuesday 01 November 2011 15:37:18 John Simpson wrote: > Rigo, > > Can you please give us some examples of what the toned compliance > requirements for all would be? I too worry that with a first party third > party distinction there is a real danger that everyone will be a first > party very quickly. > > However, cutting back on the compliance requirements, it seems to me, runs > the very real risk of making DNT essentially meaningless. > > Thanks, > John > > On Nov 1, 2011, at 3:10 PM, Rigo Wenning wrote: > > Add one minority opinion that says that the distinction between first > > and > > third parties is too complex. This mixes technical and legal > > consideration into an indigestible brewing. It will make implementation > > on the service side too complex. It will create risk and ambiguity. > > > > I would rather tone down the compliance requirements for all and not > > distinguish between first and third parties to avoid the difficult > > distinctions. (I can generate a number of challenging distinctions on > > demand) > > > > I also believe that this will create a race into being a first party and > > that every ambiguity will be used to become a first party. At the end > > of the day, everybody will be a first party by contract or other > > virtue. > > > > Best, > > > > Rigo > > > > On Friday 28 October 2011 22:11:24 Jonathan Mayer wrote: > >> (ACTION-25) > >> > >> As I understand it, there are four camps on how to distinguish between > >> first parties and third parties. > >> > >> 1) Domain names (e.g. public suffix + 1). > >> > >> 2) Legal business relationships (e.g. corporate ownership + > >> affiliates). > >> > >> 3) Branding. > >> > >> 4) User expectations. > >> > >> Here are some examples that show the boundaries of these definitions. > >> > >> Example: The user visits Example Website at example.com. Example > >> Website embeds content from examplestatic.com, a domain controlled by > >> Example Website and used to host static content. > >> > >> Discussion: Content from the examplestatic.com domain is first-party > >> under every test save the first. > >> > >> Example: Example Website (example.com) strikes a deal with Example > >> Affiliate (affiliate.com), an otherwise unrelated company, to share > >> user data. The user visits Example Website, and it embeds content > >> from Example Affiliate. > >> > >> Discussion: Content from Example Affiliate is third-party under every > >> test save the second. > >> > >> Example: Example Website embeds a widget from Example Social > >> Aggregator. > >> The widget includes a prominent logo for Example Social Aggregator, > >> though a user is unlikely to recognize it. > >> > >> Discussion: Content from Example Social Aggregator is third-party > >> under > >> every test save the third. > > ---------- > John M. Simpson > Consumer Advocate > Consumer Watchdog > 1750 Ocean Park Blvd. ,Suite 200 > Santa Monica, CA,90405 > Tel: 310-392-7041 > Cell: 310-292-1902 > www.ConsumerWatchdog.org > john@consumerwatchdog.org
Received on Wednesday, 2 November 2011 16:05:52 UTC