Privacy/TPWG/Change Proposal Data Hygiene Tracking of URL Data
This change proposal was the topic of a Call for Objections (results are publicly visible): decision, explanatory memo
Proposal: Tracking of URL Data and De-Identified/De-Linked
Change proposal (red line) from Jack Hobaugh; amendments; issue-215
See the red-line and amendments above for the full text. The key changes concern the definitions of tracking, deidentified and delinked, and the third-party compliance section:
Tracking is the collection and retention, or use of a user's browsing activity -- the domains or URLs visited across non-affiliated websites -- linked to a specific user, computer, or device.
Data is deidentified when a party:
- has taken reasonable steps to ensure that the URL data across websites or Unique ID cannot reasonably be re-associated or connected to a specific user, computer, or device;
- has taken reasonable steps to protect the non-identifiable nature of data if it is distributed to non-affiliates and obtain satisfactory written assurance that such entities will not attempt to reconstruct the data in a way such that an individual may be re-identified and will use or disclose the de-identified data only for uses as specified by the entity.
- has taken reasonable steps to ensure that any non-affiliate that receives de-identified data will itself ensure that any further non-affiliate entities to which such data is disclosed agree to the same restrictions and conditions.
- will commit to not purposely sharing this data publicly.
Data is delinked when a party:
- has achieved a reasonable level of justified confidence that data has been de-identified and cannot be internally linked to a specific user, computer, or other device within a reasonable timeframe;
- has taken reasonable steps to ensure that data cannot be reverse engineered back to identifiable data without the need for operational or administrative controls.
In the Third-party Compliance section:
In a particular network interaction, if a third party receives a DNT: 1 signal, then that third party MUST NOT track outside of the Permitted Uses and any explicitly granted exceptions.
Existing Text
From the Tracking Compliance & Scope, Editors' Draft, the key sections would be:
Tracking is the retention or use, after a network interaction is complete, of data records that are, or can be, associated with a specific user, user agent, or device.
Data is deidentified when a party:
- has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device;
- commits to try not to reidentify the data; and
- contractually prohibits downstream recipients from trying to re-identify the data.
Third-party compliance:
If a third party receives a DNT: 1 signal,
- the third party MUST NOT collect, retain, share, or use information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard and any explicitly-granted exceptions provided in accordance with the requirements of this standard;
- the third party MUST NOT use information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard.