Open arvind-m opened 4 years ago
I tried to address this question in the very next bullet point:
- The intent is to let the first party retain control over identity on their site. A 3p who builds a per-1p user profile should be in the same position as any other company with whom the 1p chooses to share its user data.
We've heard in the Web Advertising Business Group that building a "per-1p user profile" is a core operation for analytics, to answer questions like "How long do visitors spend on my site?", or for ads, to make choices about what ad to show, or for frequency capping, etc.
The point is not that "3p analytics and 3p ad servers can be [generally] allowed access to first-party identity", but rather that if a 1p wants to give that access to a 3p, they can do so ("as long as that delegated identity remains sharded by 1p", as I said).
If in-house analytics were able to answer "How long do visitors spend on my site?" but 3rd-party analytics were not able to answer such questions, then the composability of the web would be dramatically harmed.
Thanks for the explanation, this helps.
What is an example of appropriate (meaning privacy-preserving) use of "per-1p user profile" to make "choices about what ad to show"? Which specific proposals could we refer to as exemplifying this use case?
Section "Third Parties can be allowed access to a first-party identity" says:
While this is a reasonable statement in isolation, it doesn't seem to fit into a section with this title, i.e. it seems to imply that 3p analytics and 3p ad servers can be [generally] allowed access to first-party identity.
Suggest deleting this, unless there is a better example for composability that requires first-party identity in 3p context.
I could be missing something, in case please update text to avoid similar confusion in other readers.