Privacy/TPWG/Change Proposal Service Provider

From W3C Wiki

Proposal: Service Provider

Proposal from Roy Fielding (email), amended slightly to be consistent with a proposal by Vinay Goel (email) and again to reflect the TPE LCWD; issue-206.

New text

Access to Web resources often involves multiple parties that might process the data received in a network interaction. For example, domain name services, network access points, content distribution networks, load balancing services, security filters, cloud platforms, and software-as-a-service providers might be a party to a given network interaction because they are contracted by either the user or the resource owner to provide the mechanisms for communication. Likewise, additional parties might be engaged after a network interaction, such as when services or contractors are used to perform specialized data analysis or records retention.

For the data received in a given network interaction, a service provider is considered to be the same party as its contractee if the service provider:

(1) processes the data on behalf of the contractee;

(2) ensures that the data is only retained, accessed, and used as directed by the contractee;

(3) has no independent right to use the data other than in a de-identified form (e.g., for monitoring service integrity, load balancing, capacity planning, or billing); and,

(4) has a contract in place with the contractee which is consistent with the above limitations.

Proposal: Technical Precautions and Internal Practices

Proposal from Dan Auerbach. To see a longer version including non-normative examples, see the proposal email.

New text

A first party may outsource website functionality to a third party, in which case the third party may act as the first party under this standard with the following additional restrictions.

Technical Precautions

Throughout all data reception, retention, and use, outsourced service providers must use all feasible technical precautions to both mitigate the linkability of and prevent the linking of data from different first parties.

Structural separation ("siloing") of data per first party, including both separate data structures and avoidance of shared unique identifiers, is a necessary, but not necessarily sufficient, technical precaution.
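As an added illustration of the siloing precaution described above (example code written for this page, not part of the proposal or of any TPWG deliverable): a provider-side store that keeps a separate record set and a separate random HMAC key per first party, so the same visitor receives unrelated pseudonyms in each silo and no shared identifier exists to join them. The first-party names, the raw visitor identifier and the events are constructed sample values.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

class SiloedProviderStore:
    """Per-first-party silos: separate records and a separate secret key each,
    so one visitor yields unrelated pseudonyms and no shared identifier exists."""

    def __init__(self):
        self._keys = {}                    # first party -> its own secret key
        self._records = defaultdict(list)  # first party -> its own records

    def register_first_party(self, first_party):
        # Hypothetical setup step: a fresh 256-bit secret per contractee, never reused.
        if first_party not in self._keys:
            self._keys[first_party] = secrets.token_bytes(32)

    def pseudonym(self, first_party, raw_identifier):
        # Keyed HMAC-SHA256: unlike an unkeyed hash, nobody lacking this silo's
        # key can recompute the value or match it against another silo.
        key = self._keys[first_party]
        return hmac.new(key, raw_identifier.encode(), hashlib.sha256).hexdigest()

    def record(self, first_party, raw_identifier, event):
        pid = self.pseudonym(first_party, raw_identifier)
        self._records[first_party].append({"id": pid, "event": event})

    def query(self, first_party, raw_identifier):
        # Lookups are scoped to one silo; other silos are never consulted.
        pid = self.pseudonym(first_party, raw_identifier)
        return [r["event"] for r in self._records[first_party] if r["id"] == pid]

def linkable_across_silos(store, party_a, party_b, raw_identifier):
    """True if one raw identifier produces a matching pseudonym in both silos."""
    return store.pseudonym(party_a, raw_identifier) == store.pseudonym(party_b, raw_identifier)

def demo():
    # Constructed sample: one provider serving two first parties, one visitor seen by both.
    store = SiloedProviderStore()
    for first_party in ("news.example", "shop.example"):
        store.register_first_party(first_party)
    visitor = "203.0.113.7|Mozilla/5.0"  # constructed raw identifier (e.g. IP + UA)
    store.record("news.example", visitor, "viewed /article/1")
    store.record("shop.example", visitor, "added item to cart")
    return {
        "news_events": store.query("news.example", visitor),
        "shop_events": store.query("shop.example", visitor),
        "linkable": linkable_across_silos(store, "news.example", "shop.example", visitor),
    }
```

Each silo answers only for its own first party, and the cross-silo comparison fails because the two pseudonyms were derived under different keys.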

Internal Practices

Throughout all data reception, retention, and use, outsourced service providers must use sufficient internal practices to prevent the linking of data from different first parties.

Use Direction

An outsourced service must use data retained on behalf of a first party ONLY on behalf of that first party, and must not use data retained on behalf of a first party for their own business purposes, or for any other reasons.

First-Party Requirements

Representation

A first party's representation that it is in compliance with this standard includes a representation that its outsourcing service providers comply with this standard.

Contract

A first party must enter into a contract with an outsourcing service provider that requires that outsourcing service provider to comply with these requirements.

Proposal: No Independent Right

Proposal from Mike O'Neill.

New text

(3) has no independent right to use or share the data except as necessary to ensure the integrity, security, and correct operation of the service being provided

Editors' Draft Text

The above proposals would replace the existing text below from the editors' draft.

An outsourced service provider is considered to be the same party as its client if the service provider:

(1) acts only as a data processor on behalf of the client;

(2) ensures that the data can only be accessed and used as directed by that client;

(3) has no independent right to use or share the data except as necessary to ensure the integrity, security, and correct operation of the service being provided; and

(4) has a contract in place that outlines and mandates these requirements.