- From: CVS User npdoty <cvsmail@w3.org>
- Date: Wed, 19 Nov 2014 07:38:01 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv32348
Modified Files:
tracking-compliance.html
Log Message:
initial set of changes for issue-203, implementing 'tracking data' and noting when first party rules apply, via a modification of fielding's text
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/11/19 06:25:43 1.129
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/11/19 07:38:01 1.130
@@ -228,6 +228,9 @@
A <dfn>context</dfn> is a set of resources that are controlled by
the same party or jointly controlled by a set of parties.
</p>
+ <p>
+ <dfn>Tracking data</dfn> is any data that could be combined with other data to engage in tracking a user across different contexts.
+ </p>
</section>
<section id="collection">
<h3>Collect, Use, Share, Facilitate</h3>
@@ -293,9 +296,12 @@
</p>
</aside>
<p>
- A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation. Data about the interaction MAY be shared withh service providers acting on behalf of the first party.
+ A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation. Data about the interaction MAY be shared with service providers acting on behalf of the first party.
</p>
<p>
+ Compliance rules in this section apply where a party determines that it is a first party to a given user action — either because network resources are intended only for use as a first party to a user action or because the status is dynamically discerned. For cases where a party later determines that data was unknowingly collected as a third party to a user action, see Section <a href="#unknowing-collection"></a>.
+ </p>
+ <p>
A first party to a given user action MAY elect to follow the rules defined under this recommendation for third parties.
</p>
<p class="note">Given WG decision on ISSUE-241, how should a first party to an action indicate to the user that it is electing to follow third-party rules? Should we suggest using "N" or some other tracking status code?</p>
@@ -307,10 +313,10 @@
When a third party to a given user action receives a <code>DNT:1</code> signal in a related network interaction:
</p>
<ol start="1">
- <li>that party MUST NOT collect, share, or use data
+ <li>that party MUST NOT collect, share, or use <a>tracking data</a>
related to that interaction;</li>
<li>that party MUST NOT use data about previous network
- interactions in which it was a third party.</li>
+ interactions in which it was a third party to the user action.</li>
</ol>
<p>
A third party to a given user action MAY nevertheless collect and use such
@@ -548,7 +554,7 @@
As a general principle, more specific settings override less specific settings, as where the specific consent in user-granted exceptions overrides a general preference. If a party perceives a conflict between settings, a party MAY seek clarification from the user or MAY honor the more restrictive setting.
</p>
</section>
- <section>
+ <section id="unknowing-collection">
<h3>Unknowing Collection</h3>
<p>
If a party learns that it possesses data in violation of this recommendation, it MUST, where reasonably feasible, delete or de-identify that data at the earliest practical opportunity, even if it was previously unaware of such information practices despite reasonable efforts to understand its information practices.
Received on Wednesday, 19 November 2014 07:38:02 UTC