Software as a service use case for FPS

[joelodom]

This issue pertains to how a business may use first-party sets for personalization across its websites when using software as a service, using marketing software as a service as the example I have in mind.

Suppose that Example, Inc. has a flagship product branded Example Product. Every year Example, Inc. hosts a conference where their community can organize around Example Product. The conference serves marketing and technical exchange purposes, as most conferences do. Here are the related domains:

example.com -- Example, Inc.
product.com -- the website for Example Product
product-fest-2021.com -- a short-lived website for the annual conference
marketing-backend.com - a third-party service provider that provides marketing automation for Example, Inc.

These four websites have a legitimate reason to collect and use data about a particular conference registrant for the purpose of marketing around the conference that the registrant registered for, so they will need to identify a registrant across the sites. When a registrant registers for the conference, that registrant’s information and interactions with these related websites may be collected by the marketing backend, which provides the email services and other services to the conference host, Example, Inc. A key point is that the marketing backend service may be used by many different businesses, but the data of those businesses is never aggregated for widescale tracking or profiling across businesses or collected by the SaaS for resale, both of which we want to avoid. The marketing backend is just a solution for Example, Inc hosted as a software service.

This would be a common marketing use case. We could probably envision other examples where software as a service providers would need to act in a first party context. Can we find a way to do this with FPS in a privacy-preserving manner that is not subject to abuse by cross-business data aggregators?

[joelodom]

In speaking with one of our UK customers this morning, she mentioned that her company maintains the same trademark across many eTLDs. I know that has been thought about as a use case for FPS, and it's salient to this use case as well. Our SaaS is on example.com and example.co.uk and example.de. They want to coordinate its use across those sites, so our domain would need to interoperate across those eTLDs. In particular, she mentioned marketing chat applications (provided as SaaS by a third-party) that users would expect to maintain state across the set.

[JadeKessler]

Thank you for bringing up this use case and providing a detailed example. A few points in response:

• In your example, we would expect Product.com & Example.com to form a FPS. This is in fact a quintessential scenario for FPS-formation.

• The question about product-fest-2021.com is an interesting one. We need to think more about how we might handle short lived domains but this has come up in previous PrivacyCG discussions and is on our radar.

• W.r.t. marketing-backend.com: we certainly acknowledge that this is an important use case. Third parties provide important services to sites and continued support is important to maintain the health of the web. Partitioned state is probably the best solution here as it prevents aggregation while continuing to support SaaS use cases. We have one idea for partitioned cookies that we’ve laid out here:Explore cookie partitioning privacycg/storage-partitioning#15. We are also talking about partitioning web/JS storage on this repo: https://github.com/privacycg/storage-partitioning. If partitioned cookies are designed such that the top-level site’s FPS is the “partition key” (and not the domain); then the SaaS gets the same partitioned state across example.com, example.co.uk, and example.de.

[krgovind]

@joelodom - FYI, we recently published a proposal for an opt-in cookie partitioning attribute. I'd like to welcome your feedback on usefulness and support for incubation in a standards group on this thread.

I think partitioned cookies in concert with First-Party Sets should help with the marketing-backend.com usecase.

[michael-oneill]

There should be discussion on corolary support, e.g. a javascript API to clear all site data including partitioned cookies/storage. privacycg/CHIPS#7