Feedback requested: what's the preferred way to handle one owner controlling two entities with different privacy policies?

Question

Feedback requested: what's the preferred way to handle one owner controlling two entities with different privacy policies?

billfitzgerald opened this issue 3 years ago · 3 comments

In preparing a pull request, I have the following example:

The Washington Post controls multiple adtech-related domains. Most of the data collected via these domains are covered by the main WaPo privacy policy: https://www.washingtonpost.com/privacy-policy/

In privacy_policies.json as I understand it, that's easy to represent:

        "The Washington Post": {
            "name": "The Washington Post",
            "url": "https://www.washingtonpost.com/",
            "privacyPolicy": "https://www.washingtonpost.com/privacy-policy/"
        },

Zeus Technology is an adtech offering developed and owned by WaPo, with a separate privacy Policy here: https://zeustechnology.com/privacy/

Would this be represented as shown below, or is there a better/different way?

        "Zeus Technology": {
            "name": "The Washington Post",
            "url": "https://zeustechnology.com/privacy/",
            "privacyPolicy": "https://zeustechnology.com/"
        },

Within Tracker Radar data, what is the standard way of managing two distinct entities with the same owner, wioth each entity having its own separate privacy policy?

Answer 1 · 2022-03-05T12:55:53.000Z

Okay - I think I stumbled across the way to do this while doing some work on a project and looking at Amazon and Instagram:

   "instagram.com": {
        "privacyPolicy": "https://help.instagram.com/402411646841720"
    },
    "amazonaws.com": {
        "privacyPolicy": "https://aws.amazon.com/privacy/"
    },

As I understand it, if there is a domain controlled by a parent entity that has a different privacy policy than the parent entity, then the way to handle that is to:

create an entry in privacy_policies.json that includes only:
- the domain and suffix; and
- the url to the privacy policy

Is that correct?

Answer 2 · 2022-03-10T19:45:02.000Z

@billfitzgerald that's correct. Privacy policies are added here https://github.com/duckduckgo/tracker-radar-detector/blob/main/src/trackers/classes/tracker.js#L81

We will use a domain specific policy, if one exists, otherwise use the site owner policy.

Answer 3 · 2022-03-10T20:05:27.000Z

Awesome - super helpful; thank you!

I think I have only one of these queued up and just about set. I'll look to get a pull request over the next day or so.