There's a lot of talk in the online privacy world about first parties and third parties. Generally speaking, when you surf to abc.com, that site is considered to be a first party during the time that you're on the site. If abc.com contains ads, content, scripts, or other stuff being delivered by xyz.com, then xyz.com is considered a third party. The distinction matters because privacy norms and rules usually apply differently for first parties than for third parties. Consumers are likely to have relationships with first parties, or at the very least they know that when they visit abc.com, they're interacting with abc.com. That's not always so clear for third parties - consumers may have no idea which third parties are active on a particular site. Because of this difference, first parties don't always have the same privacy obligations as third parties. For example, the guidelines for behavioral advertising self-regulation that the FTC put out earlier this year apply only to third-party behavioral advertising, not to first parties doing the same thing. But given market dynamics on the Internet these days, it's quite possible that a single company may own or control lots of Web sites. We now have no shortage of media and digital business conglomerates: through acquisition or diversification, a single company comes to own a whole variety of web properties that, to consumers at least, show no signs of being related. Should a collection of Web sites owned by a single company all be considered a single first party, such that data collected on one site can be used on another site without either site being considered a third party?