-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Software as a service use case for FPS #33
Comments
In speaking with one of our UK customers this morning, she mentioned that her company maintains the same trademark across many eTLDs. I know that has been thought about as a use case for FPS, and it's salient to this use case as well. Our SaaS is on example.com and example.co.uk and example.de. They want to coordinate its use across those sites, so our domain would need to interoperate across those eTLDs. In particular, she mentioned marketing chat applications (provided as SaaS by a third-party) that users would expect to maintain state across the set. |
Thank you for bringing up this use case and providing a detailed example. A few points in response:
|
@joelodom - FYI, we recently published a proposal for an opt-in cookie partitioning attribute. I'd like to welcome your feedback on usefulness and support for incubation in a standards group on this thread. I think partitioned cookies in concert with First-Party Sets should help with the |
There should be discussion on corolary support, e.g. a javascript API to clear all site data including partitioned cookies/storage. privacycg/CHIPS#7 |
This issue pertains to how a business may use first-party sets for personalization across its websites when using software as a service, using marketing software as a service as the example I have in mind.
Suppose that Example, Inc. has a flagship product branded Example Product. Every year Example, Inc. hosts a conference where their community can organize around Example Product. The conference serves marketing and technical exchange purposes, as most conferences do. Here are the related domains:
example.com -- Example, Inc.
product.com -- the website for Example Product
product-fest-2021.com -- a short-lived website for the annual conference
marketing-backend.com - a third-party service provider that provides marketing automation for Example, Inc.
These four websites have a legitimate reason to collect and use data about a particular conference registrant for the purpose of marketing around the conference that the registrant registered for, so they will need to identify a registrant across the sites. When a registrant registers for the conference, that registrant’s information and interactions with these related websites may be collected by the marketing backend, which provides the email services and other services to the conference host, Example, Inc. A key point is that the marketing backend service may be used by many different businesses, but the data of those businesses is never aggregated for widescale tracking or profiling across businesses or collected by the SaaS for resale, both of which we want to avoid. The marketing backend is just a solution for Example, Inc hosted as a software service.
This would be a common marketing use case. We could probably envision other examples where software as a service providers would need to act in a first party context. Can we find a way to do this with FPS in a privacy-preserving manner that is not subject to abuse by cross-business data aggregators?
The text was updated successfully, but these errors were encountered: