W3C privacy policy

Status: This policy was enacted on 24 March 2014, and is in effect since 5 August 2014.


Public web browsing (non-logged-in)

We make no effort to identify public users of our site. No identifying data is disclosed to any third party for any purpose. Data that we collect is used only for server administration, site improvement, usage statistics, and Web protocol research.

We log HTTP requests to our site including 'IP', 'Referer' and 'User-Agent' to be able to analyze the traffic. We use cookies for purposes including to understand usage patterns of the site and to maintain session state for some applications.

Pages may link to or embed content such as video from other sites. Those resources are governed by the privacy policies of their originating sites.

Logged information may be kept indefinitely as administrative, diagnostic, and research material, or discarded for any reason. Such information is not disclosed outside of host site personnel. Aggregate (non-identifying) statistics generated from these logs may be reported publicly as part of research results.

If you set the Do-Not-Track header, which is an option in the preferences of many browsers, we will treat you just like all our other users, because we do not track any users for behavioral targeting. Note: We intend to update our practices as necessary to follow subsequent W3C privacy recommendations.

Logged-in usage

When you create a user account, you are asked for a username, email address, real name, and affiliation. This information is stored in the database and displayed on your public profile page; your email address is not displayed in your profile unless you choose to do so. You may choose to provide additional information for public display.

We use some of this information to show organizational affiliations and participant activity including group membership, mailing list and conference call contributions, and editorship credits. This record of activity is important to organizational transparency in our Process and Patent Policy.

Mailing lists

Mailing lists associated with W3C are publicly archived. On your first submission to one of these lists, you will be asked to approve the public posting of your message. We do not remove postings from archived lists per our archive-editing policy.

Law enforcement and other compelled disclosures

In the event that we are required by law (including a court order) to disclose the information you submit, we will make an effort to provide you with notice (unless we are prohibited) that a request for your information has been made and give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address. We will independently object to over-broad requests for access to information about users of our site. If you do not challenge the disclosure request we may be legally required to turn over information.


Changes from the previous version of the policy

The policy has been clarified to reflect current technology and W3C practices. We do not intend material changes in what W3C does with information resulting from visits to our site. The changes from the previous version are:

  • The distinction between Member and non-Member browsing was not a useful distinction in practice. The new policy is much clearer about behavior when users are logged in or not logged in.
  • W3C uses a number of open source tools that use cookies to maintain state, such as WordPress, Media Wiki, and Bugzilla. The policy has been updated to make it clearer that we may use cookies for state management and to understand usage patterns in order to improve our site.
  • W3C will continue to not track people for behavioral targeting; we mention this with reference to DNT signals.
  • The policy is clearer about how W3C account data is managed.
  • We dropped mention of some practices that W3C has discontinued (e.g., automatic newsletter subscription).