Privacy/TPWG/Change Proposal Tracking Third Party Compliance

From W3C Wiki
< Privacy‎ | TPWG
Jump to: navigation, search

This wiki page lists text proposals for ISSUE-203

Proposal 1: only applies to tracking data

Proposal from David Singer: email Suggested update from Nick Doty: email

When a third party to a given user action receives a DNT:1 signal in a related network interaction:

  • that party MUST NOT collect, share, or use tracking data related to that interaction;
  • that party MUST NOT use data about previous network interactions in which it was a third party.

where "tracking data" is defined as "data that could be combined with other data to engage in tracking a user across different contexts".

(Except for deidentified data and permitted uses, etc. Surrounding text remains the same.)

Proposal 3: adhering to tracking status

Proposal from Roy Fielding via email

A comprehensive rewrite of the compliance document from the perspective of TPE is provided in

http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203.html

Proposal 4: first-party permitted use

Proposal from Roy Fielding via email

A slightly less comprehensive rewrite of the compliance document from the perspective of TPE is provided in

http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203b.html

that uses first and third party terms, permits first party tracking in general (including data append) as a permitted use, and keeps the (redundant) text on user identifiers and the unclear-consensus text on the scope being limited to user agents that look like browsers. The result is mostly editorial changes to what is currently in TCS, except for what is necessary to reflect the normative decisions in TPE, and adds a "1" qualifier for first party use (previously discussed when we eliminated it as a TSV).

Editors' Draft Text

The below proposals would replace the existing text below (and potentially related sections) from the editors' draft.

When a third party to a given user action receives a DNT:1 signal in a related network interaction:

  • that party MUST NOT collect, share, or use data related to that interaction;
  • that party MUST NOT use data about previous network interactions in which it was a third party.