- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 14 May 2014 11:13:52 -0700
- To: W3C DNT Working Group Mailing List <public-tracking@w3.org>
ISSUE-206: Service Provider name and requirements I have amended our proposal to be more consistent with the current TPE and be less ambiguous about which party is contracting the service. ....Roy https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Service_Provider#Proposal:_Service_Provider Proposal: Service Provider Proposal from Roy Fielding: email, amended slightly to be consistent with a proposal by Vinay Goel: email and again to reflect TPE LCWD; issue-206 New text Access to Web resources often involves multiple parties that might process the data received in a network interaction. For example, domain name services, network access points, content distribution networks, load balancing services, security filters, cloud platforms, and software-as-a-service providers might be a party to a given network interaction because they are contracted by either the user or the resource owner to provide the mechanisms for communication. Likewise, additional parties might be engaged after a network interaction, such as when services or contractors are used to perform specialized data analysis or records retention. For the data received in a given network interaction, a service provider is considered to be the same party as its contractee if the service provider: (1) processes the data on behalf of the contractee; (2) ensures that the data is only retained, accessed, and used as directed by the contractee; (3) has no independent right to use the data other than in a de-identified form (e.g., for monitoring service integrity, load balancing, capacity planning, or billing); and, (4) has a contract in place with the contractee which is consistent with the above limitations.
Received on Wednesday, 14 May 2014 18:13:39 UTC