Privacy/TPWG/Change Proposal Limitations on use in Third Party Context
Proposal 1: No change
If a third party receives a DNT: 1 signal, then:
- the third party MUST NOT collect, retain, share, or use data related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this recommendation and any explicitly-granted exceptions provided in accordance with the requirements of this recommendation;
- the third party MUST NOT use data about previous network interactions in which it was a third party, outside of the permitted uses as defined within this recommendation and any explicitly-granted exceptions, provided in accordance with the requirements of this recommendation.
Proposal 2: Prohibit use of data collected as any type of party
Text would replace existing text in third-party compliance section (striking
third from the relevant clause).
... the third party MUST NOT use data collected in another context about the user, including when that party was a first party.
Third party use outside first party context is tracking
This text would be appended to the first paragraph in the ED.
Use of this data outside the first party context is tracking and subject to third party rules for tracking, as outlined in Section 5.
Use of 1st Party Data in a 3rd Party Context (Transparency)
This text would be in addition to existing First Party Compliance requirements in the editors' draft.
If a Party receives a network transaction to which a DNT:1 header is attached, during that network transaction, that Party must not use data it previously collected while a First Party to customize the experience of a user while operating as a Third Party, unless that Party’s identity is transparent to the user. For example, the use of prominent branding directly on or around the content or advertisement would create transparency.