Privacy/TPWG/Change Proposal Data Hygiene Tracking of URL Data


This change proposal was the topic of a Call for Objections (results are publicly visible): decision, explanatory memo

Proposal: Tracking of URL Data and De-Identified/De-Linked

Change proposal (red line) from Jack Hobaugh; amendments; issue-215

See red-line and amendments above for full text. The key changes in text are around definitions of tracking, deidentified, delinked and third-party compliance:

Tracking is the collection and retention, or use of a user's browsing activity -- the domains or URLs visited across non-affiliated websites -- linked to a specific user, computer, or device.

Data is deidentified when a party:

  • has taken reasonable steps to ensure that the URL data across websites or Unique ID cannot reasonably be re-associated or connected to a specific user, computer, or device;
  • has taken reasonable steps to protect the non-identifiable nature of data if it is distributed to non-affiliates and obtain satisfactory written assurance that such entities will not attempt to reconstruct the data in a way such that an individual may be re-identified and will use or disclose the de-identified data only for uses as specified by the entity.
  • has taken reasonable steps to ensure that any non-affiliate that receives de-identified data will itself ensure that any further non-affiliate entities to which such data is disclosed agree to the same restrictions and conditions.
  • will commit to not purposely sharing this data publicly.

Data is delinked when a party:

  • has achieved a reasonable level of justified confidence that data has been de-identified and cannot be internally linked to a specific user, computer, or other device within a reasonable timeframe;
  • has taken reasonable steps to ensure that data cannot be reverse engineered back to identifiable data without the need for operational or administrative controls.

In the Third-party Compliance section:

In a particular network interaction, if a third party receives a DNT: 1 signal, then that third party MUST NOT track outside of the Permitted Uses and any explicitly granted exceptions.

Existing Text

From the Tracking Compliance & Scope, Editors' Draft, the key sections would be:

Tracking is the retention or use, after a network interaction is complete, of data records that are, or can be, associated with a specific user, user agent, or device.

Data is deidentified when a party:

  • has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device;
  • commits to try not to reidentify the data; and
  • contractually prohibits downstream recipients from trying to re-identify the data.

Third-party compliance:

If a third party receives a DNT: 1 signal,

  • the third party MUST NOT collect, retain, share, or use information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard and any explicitly-granted exceptions provided in accordance with the requirements of this standard;
  • the third party MUST NOT use information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard.
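The third-party compliance rule, in both the proposed wording above ("MUST NOT track outside of the Permitted Uses") and the existing text, amounts to a retention gate that a third-party server applies per network interaction: read the DNT header, and when it carries the value 1, neither store this interaction linked to a user, computer or device nor consult earlier linked interactions, unless a permitted use applies. The following Python sketch is an added example and is not part of the wiki page, the change proposal, or the Tracking Compliance draft. The `Interaction`, `ThirdParty`, `permitted_use` parameter and the sample cookie value are constructed for illustration; the set of permitted uses itself is not defined on this page, so the example only models "a permitted use was asserted" as an opaque label.

```python
"""Added example: a DNT-aware retention gate for a third party.

Models the two obligations of the third-party compliance text:
  1. do not retain this interaction linked to an identifier, and
  2. do not use previously retained linked interactions,
whenever the request carries DNT: 1 and no permitted use applies.
Not code from the W3C page; identifiers below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Interaction:
    """One network interaction as seen by the third party (constructed)."""
    headers: Dict[str, str]
    url: str                      # the embedding page's URL (browsing activity)
    identifier: Optional[str]     # e.g. a cookie or device id that links records


def dnt_value(headers: Dict[str, str]) -> Optional[str]:
    """Return "1" or "0" for a well-formed DNT header, else None.

    Header names are case-insensitive; any value other than the two
    defined ones is treated as if the header were absent.
    """
    for name, value in headers.items():
        if name.lower() == "dnt":
            value = value.strip()
            if value in ("0", "1"):
                return value
    return None


@dataclass
class ThirdParty:
    """Third-party service holding browsing records linked to identifiers."""
    records: List[Tuple[str, str]] = field(default_factory=list)

    def _tracking_blocked(self, interaction: Interaction,
                          permitted_use: Optional[str]) -> bool:
        # DNT: 1 blocks linked retention/use unless a permitted use is
        # asserted (assumption: the caller names the use; the page does
        # not enumerate them, so it is an opaque label here).
        return dnt_value(interaction.headers) == "1" and permitted_use is None

    def handle(self, interaction: Interaction,
               permitted_use: Optional[str] = None) -> str:
        """Obligation 1: retain a linked record only when allowed."""
        if interaction.identifier is None:
            return "not_linked"     # nothing that links to a user/device
        if self._tracking_blocked(interaction, permitted_use):
            return "not_retained"
        self.records.append((interaction.identifier, interaction.url))
        return "retained"

    def history(self, interaction: Interaction,
                permitted_use: Optional[str] = None) -> List[str]:
        """Obligation 2: consult earlier linked records only when allowed."""
        if self._tracking_blocked(interaction, permitted_use):
            return []
        return [url for ident, url in self.records
                if ident == interaction.identifier]


def demo() -> Dict[str, object]:
    """Walk a constructed identifier through DNT:0, DNT:1 and unset."""
    tp = ThirdParty()
    cid = "cookie-abc123"          # constructed sample identifier
    consent = Interaction({"DNT": "0"}, "https://news.example/a", cid)
    refused = Interaction({"dnt": "1"}, "https://shop.example/b", cid)
    unset = Interaction({}, "https://blog.example/c", cid)
    out = {
        "consent": tp.handle(consent),
        "refused": tp.handle(refused),
        "unset": tp.handle(unset),
        "history_under_dnt1": tp.history(refused),
        "history_without_dnt": tp.history(unset),
        "stored": len(tp.records),
    }
    return out


if __name__ == "__main__":
    print(demo())
```

Note that the gate only covers the two obligations the compliance text states; whether retained data is deidentified or delinked in the sense of the definitions above is a separate question that no header check can answer.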