Privacy/TPWG/Change Proposal Service Provider
Proposal: Service Provider
Proposal from Roy Fielding (email), amended slightly to be consistent with a proposal by Vinay Goel (email), and again to reflect the TPE LCWD; issue-206
New text
Access to Web resources often involves multiple parties that might process the data received in a network interaction. For example, domain name services, network access points, content distribution networks, load balancing services, security filters, cloud platforms, and software-as-a-service providers might be a party to a given network interaction because they are contracted by either the user or the resource owner to provide the mechanisms for communication. Likewise, additional parties might be engaged after a network interaction, such as when services or contractors are used to perform specialized data analysis or records retention.
For the data received in a given network interaction, a service provider is considered to be the same party as its contractee if the service provider:
(1) processes the data on behalf of the contractee;
(2) ensures that the data is only retained, accessed, and used as directed by the contractee;
(3) has no independent right to use the data other than in a de-identified form (e.g., for monitoring service integrity, load balancing, capacity planning, or billing); and,
(4) has a contract in place with the contractee which is consistent with the above limitations.
Proposal: Technical Precautions and Internal Practices
Proposal from Dan Auerbach. To see a longer version including non-normative examples, see the proposal email.
New text
A first party may outsource website functionality to a third party, in which case the third party may act as the first party under this standard with the following additional restrictions.
Technical Precautions
Throughout all data reception, retention, and use, outsourced service providers must use all feasible technical precautions to both mitigate the linkability of and prevent the linking of data from different first parties.
Structural separation ("siloing") of data per first party, including both separate data structures and avoidance of shared unique identifiers, is a necessary, but not necessarily sufficient, technical precaution.
Internal Practices
Throughout all data reception, retention, and use, outsourced service providers must use sufficient internal practices to prevent the linking of data from different first parties.
Use Direction
An outsourced service must use data retained on behalf of a first party ONLY on behalf of that first party, and must not use data retained on behalf of a first party for its own business purposes, or for any other reason.
First-Party Requirements
Representation
A first party's representation that it is in compliance with this standard includes a representation that its outsourcing service providers comply with this standard.
Contract
A first party must enter into a contract with an outsourcing service provider that requires that outsourcing service provider to comply with these requirements.
Proposal: No Independent Right
New text
(3) has no independent right to use or share the data except as necessary to ensure the integrity, security, and correct operation of the service being provided
Editors' Draft Text
The above proposals would replace the existing text below from the editors' draft.
An outsourced service provider is considered to be the same party as its client if the service provider:
(1) acts only as a data processor on behalf of the client;
(2) ensures that the data can only be accessed and used as directed by that client;
(3) has no independent right to use or share the data except as necessary to ensure the integrity, security, and correct operation of the service being provided; and
(4) has a contract in place that outlines and mandates these requirements.