Privacy/TPWG/Change Proposal Tracking Third Party Compliance

From W3C Wiki
< Privacy‎ | TPWG
Jump to: navigation, search

This wiki page lists text proposals for ISSUE-203

Proposal 1 (superseded by later developments)

Proposal from David Singer: email

If a third party receives a DNT: 1 signal, then, unless it has consent from the user:

  • the third party must not collect, retain, share, or use tracking information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard;
  • the third party must not use tracking information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard.

Proposal 2 [abandoned in favor of proposals 3 and 4]

Proposal from Roy Fielding via email

Upon receipt of a request containing DNT:1, an origin server MUST do one of the following:

  • a) send in any corresponding tracking status for that target resource the "N" tracking status value and avoid behavior that fits the definition of tracking with respect to this network interaction; or,
  • b) send in any corresponding tracking status for that target resource an appropriate tracking status value to indicate tracking might occur (any value other than "N") and conform to the limitations associated with that value, defined below, with respect to tracking when DNT:1 is received.

Proposal 3

Proposal from Roy Fielding via email

A comprehensive rewrite of the compliance document from the perspective of TPE is provided in

http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203.html

Proposal 4

Proposal from Roy Fielding via email

A slightly less comprehensive rewrite of the compliance document from the perspective of TPE is provided in

http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203b.html

that uses first and third party terms, permits first party tracking in general (including data append) as a permitted use, and keeps the (redundant) text on user identifiers and the unclear-consensus text on the scope being limited to user agents that look like browsers. The result is mostly editorial changes to what is currently in TCS, except for what is necessary to reflect the normative decisions in TPE, and adds a "1" qualifier for first party use (previously discussed when we eliminated it as a TSV).

Editors' Draft Text

The above proposals would replace the existing text below from the editors' draft.

If a third party receives a DNT: 1 signal, then:

  • the third party MUST NOT collect, retain, share, or use information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard and any explicitly-granted exceptions provided in accordance with the requirements of this standard;
  • the third party MUST NOT use information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard.