First Party Sets
Google's First Party Sets proposal enables different sites (or origins) owned by the same organization to declare themselves to people as being allowed to share personal data.[1]
Impact
By relying on organizational ownership as the sole mechanism of trust, this advantages vertically-integrated organizations over those that rely on supply-chain partners. This runs counter to the general goal on the web of supporting decentralization.
Open Questions
- How much ownership is required for different domains to be allowed to share personal data?
- How much awareness among the general public is required for different domains to be allowed to share personal data?
- Must users be made aware of the ownership linkages prior to any personal data sharing?
- How much control should people have to keep their identity distinct from the various sites within such a "first party set"?