Fwd: CVS WWW/2011/tracking-protection/drafts

tl;dr: details of first (probably not last) edit to resolve issue-203 are included below.


Per our discussions of issue-203 (use of "tracking" in compliance), this edit tries to implement part of that discussion. It makes the changes regarding "tracking data" as suggested by David and revised by me. And it adds language about determining first party status (either by design or dynamically) using language from Roy's text. I believe that should help.

I suspect there are still updates to be made to integrate Roy's suggestions on adhering to stated tracking status, but I'm hopeful that this is a good start towards the apparent agreement in past teleconferences.

Thanks,
Nick

Begin forwarded message:

> Resent-From: public-tracking-commit@w3.org
> From: "CVS User npdoty" <cvsmail@w3.org>
> Subject: CVS WWW/2011/tracking-protection/drafts
> Date: November 18, 2014 at 11:38:01 PM PST
> To: public-tracking-commit@w3.org
> Archived-At: <http://www.w3.org/mid/E1Xqzpx-0008Po-NR@gil.w3.org>
> 
> Update of /w3ccvs/WWW/2011/tracking-protection/drafts
> In directory gil:/tmp/cvs-serv32348
> 
> Modified Files:
> 	tracking-compliance.html
> Log Message:
> initial set of changes for issue-203, implementing 'tracking data' and noting when first party rules apply, via a modification of fielding's text
> 
> --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html	2014/11/19 06:25:43	1.129
> +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html	2014/11/19 07:38:01	1.130
> @@ -228,6 +228,9 @@
>         A <dfn>context</dfn> is a set of resources that are controlled by
>         the same party or jointly controlled by a set of parties.
> 			</p>
> +      <p>
> +        <dfn>Tracking data</dfn> is any data that could be combined with other data to engage in tracking a user across different contexts.
> +      </p>
> 			</section>
> 			<section id="collection">
> 				<h3>Collect, Use, Share, Facilitate</h3>
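
Review bot: The added definition of "tracking data" has no limiting criterion: "any data that could be combined with other data" covers essentially everything a party holds, so the term narrows nothing where it is later used. If that breadth is intended, say so in the definition; otherwise qualify "could be combined", for example by reference to what the party can reasonably combine. Minor: the added lines are indented with spaces while the neighbouring lines in this section use tabs.
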
> @@ -293,9 +296,12 @@
>       </p>
>     </aside>
>     <p>
> -      A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation. Data about the interaction MAY be shared withh service providers acting on behalf of the first party.
> +      A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation. Data about the interaction MAY be shared with service providers acting on behalf of the first party.
>     </p>
> 		<p>
> +      Compliance rules in this section apply where a party determines that it is a first party to a given user action &mdash; either because network resources are intended only for use as a first party to a user action or because the status is dynamically discerned. For cases where a party later determines that data was unknowingly collected as a third party to a user action, see Section <a href="#unknowing-collection"></a>.
> +    </p>
> +    <p>
> 			A first party to a given user action MAY elect to follow the rules defined under this recommendation for third parties.
> 		</p>
>     <p class="note">Given WG decision on ISSUE-241, how should a first party to an action indicate to the user that it is electing to follow third-party rules? Should we suggest using "N" or some other tracking status code?</p>
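
Review bot: The added paragraph makes the first-party rules apply "where a party determines that it is a first party", but it does not say which rules apply when a party has made no determination or cannot discern its status; state that default explicitly. The cross-reference <a href="#unknowing-collection"></a> has empty link text, so unless the spec tooling fills it in the sentence renders as "see Section ."; confirm this in the generated output. The "withh" typo fix in the same hunk is unrelated to issue-203 and would be easier to trace if the log message mentioned it.
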
> @@ -307,10 +313,10 @@
>       When a third party to a given user action receives a <code>DNT:1</code> signal in a related network interaction:
>     </p>
>     <ol start="1">
> -      <li>that party MUST NOT collect, share, or use data
> +      <li>that party MUST NOT collect, share, or use <a>tracking data</a>
>       related to that interaction;</li>
>       <li>that party MUST NOT use data about previous network
> -      interactions in which it was a third party.</li>
> +      interactions in which it was a third party to the user action.</li>
>     </ol>
> 		<p>
> 			A third party to a given user action MAY nevertheless collect and use such
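
Review bot: Item 1 now limits the prohibition to tracking data, but item 2 still reads "MUST NOT use data about previous network interactions", so the two list items have different scope after this change. If item 2 is meant to be limited in the same way, use <a>tracking data</a> there as well; if the prior-interaction rule is deliberately broader, add a sentence saying so.
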
> @@ -548,7 +554,7 @@
>       As a general principle, more specific settings override less specific settings, as where the specific consent in user-granted exceptions overrides a general preference. If a party perceives a conflict between settings, a party MAY seek clarification from the user or MAY honor the more restrictive setting.
>     </p>
>   </section>
> -	<section>
> +	<section id="unknowing-collection">
> 		<h3>Unknowing Collection</h3>
> 		<p>
> 			If a party learns that it possesses data in violation of this recommendation, it MUST, where reasonably feasible, delete or de-identify that data at the earliest practical opportunity, even if it was previously unaware of such information practices despite reasonable efforts to understand its information practices.
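
Review bot: The section text under the new id="unknowing-collection" never mentions first or third party status, although the cross-reference added earlier in this patch sends readers here for data "unknowingly collected as a third party to a user action". The paragraph shown speaks only of data possessed "in violation of this recommendation"; consider adding a sentence that covers the case of a party that believed it was a first party, so the reference lands on text that addresses it.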

Received on Wednesday, 19 November 2014 07:53:23 UTC