- From: Shane M Wiley <wileys@yahoo-inc.com>
- Date: Mon, 7 Oct 2013 22:10:02 +0000
- To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org" <public-tracking@w3.org>
The user provides consent outside of DNT UGE (out of band consent). Now comes the tricky part of what constitutes "consent" in this case. The core purpose of a site (David Singer has offered good examples in the past), a "clear" note in their registration process, the site TOS and PP, contextual notice and control options, more? - Shane -----Original Message----- From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org] Sent: Thursday, October 03, 2013 11:38 PM To: public-tracking@w3.org Subject: Re: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current] Hi! just to clarify. We are discussing the following case: - User has DNT;1 turned on "always" (for this example) - No exceptions are in place for the given party - The party has 1st and 3rd party elements (e.g., main site and widget) In a separate discussion, we discuss whether some privacy-preserving personalisation (e.g., language selection) shall be permitted (e.g., using a low entropy cookie). We now discuss two cases: (a) Whether the party can transfer information from the 1st party to a 3rd party context (b) Whether the party can transfer information from the 3rd party to the 1st party context The focus of this discussion was case (a): Can the party use 1st part data in the 3rd party context. Examples I see: - Personalisation of widget "Hi Joe!" - Tailoring of offers by the widget - Reading lists and other functionalities I would expect these user experiences if I have given the party a web-wide exception. Personally, I would deem these user experiences disturbing if I told everyone that I do not want to be tracked: "I told party not to track me. How did they find out that it's me visiting this other site?". And personally speaking, I would normally expect that 3rd and 1st party contexts cannot be correlated. However, I would be interested in counterexamples and arguments why my personal expectations are different from normal users and/or why my examples do not make sense. Feedback? Regards, matthias On 03/10/2013 21:16, David Wainberg wrote: > Mike, > > On 2013-10-03 7:20 AM, Mike O'Neill wrote: >> If a user sees personalisation when they have explicitly requested >> not to be tracked they will assume their wishes are being ignored, >> and this will damage the credibility of Do Not Track. > I disagree. I realize it will be a challenge to get right, but since > users will be educated about what DNT does or does not do before they > make the choice to turn it on, they'll understand that any post-DNT:1 > personalization they're seeing is being done in accordance with the > DNT rules, and so with limited data retention. In fact, users could > come to understand it as a great benefit: they get the > personalization, but without their browsing history being accumulated > and retained. > > Best, > > -David > >
Received on Monday, 7 October 2013 22:10:56 UTC