- From: Don Marti <notifications@github.com>
- Date: Mon, 15 Mar 2021 10:52:21 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/342/799621384@github.com>
In many cases, two domains may be owned by the same corporate entity, but branded in a sufficiently different way that the web user is not aware that they are part of the same "set." Some high-profile examples are * [Most U.S. Adults Don't Know That Instagram, WhatsApp Owned by Facebook - Variety](https://variety.com/2019/digital/news/facebook-owns-instagram-survey-pew-americans-1203364905/) * [LVMH](https://www.lvmh.com/) is a single company that owns "75 distinguished Houses" most of which are long-established famous brands with distinct histories and reputations. Common ___domain ownership as a standard is likely to produce surprising results in the handling of individuals' sensitive data. (The same user might shop on one LVMH ___domain for gifts for their spouse, and from another ___domain for gifts for a co-worker.) Existing browser entity sets are inconsistent in their treatment of commonly owned domains, and there is no recognized standard for when the user-visible terms and UX are adequate for considering domains as part of the same set. It would be more appropriate to look at common privacy policy and user-visible site design and branding to determine if domains could be treated as part of a set by the browser: Some possible criteria: https://github.com/privacycg/first-party-sets/issues/14#issuecomment-797191058 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/342#issuecomment-799621384
Received on Monday, 15 March 2021 17:52:33 UTC