- From: Roy Fielding via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 17 Aug 2012 19:21:33 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv31589
Modified Files:
tracking-compliance.html
Log Message:
fix many html syntax errors
Index: tracking-compliance.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -d -r1.61 -r1.62
--- tracking-compliance.html 14 Aug 2012 03:52:06 -0000 1.61
+++ tracking-compliance.html 17 Aug 2012 19:21:31 -0000 1.62
@@ -2,7 +2,7 @@
<html>
<head>
<title>Tracking Compliance and Scope Specification</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<script src='http://www.w3.org/Tools/respec/respec-w3c-common' class='remove' async></script>
<script src="http://code.jquery.com/jquery-1.7.2.min.js" type="text/javascript" charset="utf-8"></script>
<script class="remove">
@@ -32,7 +32,7 @@
}
</script>
<link rel="stylesheet" href="additional.css" type="text/css"
-media="screen" title="custom formatting for TPWG editors" charset="utf-8">
+media="screen" title="custom formatting for TPWG editors" charset="utf-8" />
<style type="text/css" media="screen">
#toggle-widget {
position: fixed;
@@ -129,7 +129,7 @@
<h2>Introduction</h2>
<p class="note">This introduction will be re-worked after details of substantive text is closer to being finalized.</p>
<p>The World Wide Web (WWW, or Web) consists of millions of sites interconnected through the use of hypertext. Hypertext provides a simple, page-oriented view of a wide variety of information that can be traversed by selecting links, manipulating controls, and supplying data via forms and search dialogs. A Web page is usually composed of many different information sources beyond the initial resource request, including embedded references to stylesheets, inline images, javascript, and other elements that might be automatically requested as part of the rendering or behavioral processing defined for that page.</p>
- <p>Each of the hypertext actions and each of the embedded resource references might refer to any site on the Web, leading to a seamless interaction with the user even though the pages might be composed of information requested from many different and possibly independent Web sites. From the user's perspective, they are simply visiting and interacting with a single brand -- the first-party Web property -- and all of the technical details and protocol mechanisms that are used to compose a page representing that brand are hidden behind the scenes.</p>
+ <p>Each of the hypertext actions and each of the embedded resource references might refer to any site on the Web, leading to a seamless interaction with the user even though the pages might be composed of information requested from many different and possibly independent Web sites. From the user's perspective, they are simply visiting and interacting with a single brand &emdash; the first-party Web property &emdash; and all of the technical details and protocol mechanisms that are used to compose a page representing that brand are hidden behind the scenes.</p>
<p>It has become common for Web site owners to collect data regarding the usage of their sites for a variety of purposes, including what led the user to visit their site (referrals), how effective the user experience is within the site (web analytics), and the nature of who is using their site (audience segmentation). In some cases, the data collected is used to dynamically adapt the content (personalization) or the advertising presented to the user (targeted advertising). Data collection can occur both at the first-party site and via third-party providers through the insertion of tracking elements on each page. A survey of these techniques and their privacy implications can be found in [<a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-KnowPrivacy">KnowPrivacy</a>].</p>
<p>People have the right to know how data about them will be collected and how it will be used. Empowered with that knowledge, individuals can decide whether to allow their online activities to be tracked and data about them to be collected. Many Internet companies use data gathered about people's online activities to personalize content and target advertising based on their perceived interests. While some people appreciate this personalization of content and ads in certain contexts, others are troubled by what they perceive as an invasion of their privacy. For them, the benefit of personalization is not worth their concerns about allowing entities with whom they have no direct relationship to amass detailed profiles about their activities.</p>
<p>Therefore, users need a mechanism to express their own preference regarding tracking that is both simple to configure and efficient when implemented. In turn, Web sites that are unwilling or unable to offer content without such targeted advertising or data collection need a mechanism to indicate those requirements to the user and allow them (or their user agent) to make an individual choice regarding user-granted exceptions.</p>
@@ -189,8 +189,7 @@
<br/><br/>
A <dfn>party</dfn> is a set of functional entities that are affiliated.
- <section>
-<!--
+<section>
<h2>Transparency</h2>
<p class="note">This section is at best out of place, and should be in the compliance section, not definitions.</p>
<section>
@@ -200,8 +199,8 @@
<section>
<h2>Non-Normative Discussion</h2>
<p class="informative">Affiliation may be made easily discoverable by prominent and common branding by a functional entity of affiliation on its webpages, within a privacy policy linked from its webpages, or a machine-readable format in a well-known location.</p>
--->
-<!--<h2>Affiliated Parties</h2>
+
+<h2>Affiliated Parties</h2>
<p class="note">I changed this text to reflect that it's a definition of affiliated parties, but should retain the requirement that an affiliated party must be discoverable in order to be considered affiliated under this draft.</p>
<section>
<h2>Requirement</h2>
@@ -210,6 +209,8 @@
<section>
<h2>Non-Normative Discussion</h2>
<p class="informative">Affiliation may be made easily discoverable by prominent and common branding by a functional entity of affiliation on its webpages, within a privacy policy linked from its webpages, or a machine-readable format in a well-known location.</p>
+</section>
+</section>
-->
</section>
@@ -254,11 +255,11 @@
<p>
Structural separation ("siloing") of data per first party, including both
+</p>
<ol>
<li>separate data structures and</li>
<li>avoidance of shared unique identifiers</li>
</ol>
-
<p>
are necessary, but not necessarily sufficient, technical precautions.
</p>
@@ -305,6 +306,7 @@
<h4>Storage Key</h4>
<p>
For key/value storage APIs, such as Web Storage and Indexed Database, an outsourcing service can use a different key or key prefix for each first party.
+</p>
<pre class="example">
Example Analytics stores data for Example News at
window.localStorage["examplenews"] and data for Example Sports at
@@ -332,7 +334,8 @@
<section>
<h4>Access Monitoring</h4>
<p>
- An outsourcing service should deploy access monitoring mechanisms to detect improper use of siloed data.</p>
+ An outsourcing service should deploy access monitoring mechanisms to detect improper use of siloed data.
+</p>
</section> <!-- closes access monitoring, h4 -->
</section> <!-- closes siloing in the Backend, h3 -->
@@ -397,7 +400,7 @@
</section> <!-- closes use direction, h2 -->
<section>
- <h2>First Party or Third Party Requirements</h1>
+ <h2>First Party or Third Party Requirements</h2>
<section>
<h3>Representation</h3>
<p>
@@ -584,12 +587,14 @@
<section id="def-unlinkable">
<h3>Unlinkable Data</h3>
- <p class="note">There is debate about whether to use the terms unlinkable, unlinked, or unidentified to describe this type of data.
+ <p class="note">There is debate about whether to use the terms unlinkable, unlinked, or unidentified to describe this type of data.</p>
<!-- <p class="note">JMayer would like an option that limits use of unlinkable data, but that should be in the compliance sections.</p> -->
<section class="option"><h4>Option 1: Unlinkable Data</h4>
- <p>A party render a dataset <dfn>unlinkable</dfn> when it<br>1. takes commercially reasonable steps have been taken to de-identify data such that there is confidence that it contains information which could not be linked to a specific user, user agent, or device in a production environment<br>2. publicly commits to retain and use the data in unlinkable fashion, and not to attempt to re-identify the data<br>3. contracually prohibits any third party that it transmits the unlinkable data to from attempting to re-identify the data. Parties SHOULD provide transparency to their delinking process (to the extent that it will not provided confidential details into security practices) so external experts and auditors can assess if the steps are reasonably given the particular data set.</p></section>
+ <p>A party render a dataset <dfn>unlinkable</dfn> when it<br />1. takes commercially reasonable steps have been taken to de-identify data such that there is confidence that it contains information which could not be linked to a specific user, user agent, or device in a production environment<br />2. publicly commits to retain and use the data in unlinkable fashion, and not to attempt to re-identify the data<br />3. contracually prohibits any third party that it transmits the unlinkable data to from attempting to re-identify the data. Parties SHOULD provide transparency to their delinking process (to the extent that it will not provided confidential details into security practices) so external experts and auditors can assess if the steps are reasonably given the particular data set.</p>
+ </section>
<section class="option"><h4>Option 2: Unlinkable Data</h4>
- <p>A dataset is <dfn>unlinkable</dfn> when there is a high probability that it contains only information that could not be linked to a particular user, user agents, or device by a skilled analyst. A party renders a dataset unlinkable when either:<br>1. it publicly publishes information that is sufficiently detailed for a skilled analyst to evaluate the implementation, or<br>2. ensure that the dataset is at least 1024-unlinkable.</p></section>
+ <p>A dataset is <dfn>unlinkable</dfn> when there is a high probability that it contains only information that could not be linked to a particular user, user agents, or device by a skilled analyst. A party renders a dataset unlinkable when either:<br />1. it publicly publishes information that is sufficiently detailed for a skilled analyst to evaluate the implementation, or<br />2. ensure that the dataset is at least 1024-unlinkable.</p>
+ </section>
</section>
<section id="def-network-transaction">
@@ -658,10 +663,11 @@
-->
- <section class=option id=def-consent-prescribe>
+ <section class=option id="def-consent-prescribe">
<h4>Option 1: Prescriptive</h4>
- <p>Explicit and informed choice must satisfy the folllowing bright-line requirements:<br><b>1. Actual presentation:</b> The choice mechanism MUST be actually presented to the user. It MUST NOT be on a linked page, such as a terms of service or privacy policy.<br><b>2. Clear Terms:</b>The choice mechanism MUST use clear, non-confusing technology.<br><b>3. Independent choice:</b> The choice mechanism MUST be presented independent of other choices. It MUST NOT be bundled with other user preferences.<br><b>4. No default permission:</b> The choice MUST NOT have the user permission selected by default.</p></section>
+ <p>Explicit and informed choice must satisfy the following bright-line requirements:<br /><b>1. Actual presentation:</b> The choice mechanism MUST be actually presented to the user. It MUST NOT be on a linked page, such as a terms of service or privacy policy.<br /><b>2. Clear Terms:</b>The choice mechanism MUST use clear, non-confusing technology.<br /><b>3. Independent choice:</b> The choice mechanism MUST be presented independent of other choices. It MUST NOT be bundled with other user preferences.<br /><b>4. No default permission:</b> The choice MUST NOT have the user permission selected by default.</p>
+ </section>
<section class=option id="def-consent-silence">
<h4>Option 2: Silence</h4>
@@ -684,7 +690,7 @@
<h3>User Agent Compliance</h3>
<p>A user agent MUST offer a control to express a tracking preference to third parties. The control MUST communicate the user's preference in accordance with the [[!!TRACKING-DNT]] recommendation and otherwise comply with that recommendation. A user agent MUST NOT express a tracking preference for a user unless the user has given express and informed consent to indicate a tracking preference.</p>
<p>We do not specify how tracking preference choices are offered to the user or how the preference is enabled: each implementation is responsible for determining the user experience by which a tracking preference is enabled. For example, a user might select a check-box in their user agent's configuration, install an extension or add-on that is specifically designed to add a tracking preference expression, or make a choice for privacy that then implicitly includes a tracking preference (e.g., "Privacy settings: high"). Likewise, a user might install or configure a proxy to add the expression to their own outgoing requests.</p>
-<p class="option">Shane's proposal has suggested the additional compliance requirements of user agents:<br>1. The User Agent must also make available via a link in explanatory text where DNT is enabled to provide more detailed information about DNT functionality<br>2. Any User Agent claiming compliance must have a functional implementation of the browser exceptions in this specification</p>
+<p class="option">Shane's proposal has suggested the additional compliance requirements of user agents:<br />1. The User Agent must also make available via a link in explanatory text where DNT is enabled to provide more detailed information about DNT functionality<br />2. Any User Agent claiming compliance must have a functional implementation of the browser exceptions in this specification</p>
</section>
<section id="third-party-compliance">
@@ -746,7 +752,7 @@
<section class="informative" id="contextual-example"><h6>Examples</h6></section>
-<p><ol><li>A user visits ExampleSports.com with DNT:1 enabled to read a news article about a baseball game. ExampleSports uses the third party ExampleAds to serve ads on ExampleSports.com. ExampleAds is not an outsourcing partner of ExampleSports, and often uses third-party behavioral data to serve targeted ads to users who have not enabled DNT:1. ExampleAds may collect and use information about the user in order to render an advertisement (including IP address and information about the user agent) and information about the url of the news article in order to render an advertisement related to the baseball game.</li><br><li>A user visits ExampleLocalNews.com with DNT:1 enabled to read a news article about a local fire. ExampleLocalNews uses the third party ExampleWeather to display a weather widget on its site. ExampleWeather is not an outsourcing partner of ExampleLocalNews. ExampleWeather may collect and user information about the user in order to render the weather widget (including IP address andinformation about the user agent) and information about the domain of the news site in order to render weather information related to the city which ExampleLocalNews reports on.</li><br></ol></p></section>
+<p><ol><li>A user visits ExampleSports.com with DNT:1 enabled to read a news article about a baseball game. ExampleSports uses the third party ExampleAds to serve ads on ExampleSports.com. ExampleAds is not an outsourcing partner of ExampleSports, and often uses third-party behavioral data to serve targeted ads to users who have not enabled DNT:1. ExampleAds may collect and use information about the user in order to render an advertisement (including IP address and information about the user agent) and information about the url of the news article in order to render an advertisement related to the baseball game.</li><br /><li>A user visits ExampleLocalNews.com with DNT:1 enabled to read a news article about a local fire. ExampleLocalNews uses the third party ExampleWeather to display a weather widget on its site. ExampleWeather is not an outsourcing partner of ExampleLocalNews. ExampleWeather may collect and user information about the user in order to render the weather widget (including IP address ad information about the user agent) and information about the domain of the news site in order to render weather information related to the city which ExampleLocalNews reports on.</li><br /></ol></p></section>
<section id="first-party-data">
<h5>Content or Ad Delivery Based on First Party Data</h5>
@@ -754,15 +760,15 @@
</p>
<p class="option">Regardless of DNT signal, information may be collected, retained and used for the display of content or advertisements based in part of data that the third party previously collected from the user when acting as a first party.</p>
-<section class="informative" id="first-party-example"><h6>Examples</h6><p><ol><li>A user visits ExampleNews.com with DNT:1 enabled to read a story about a national election. ExamplesNews uses the third party ExamplePortal to serve content and advertisements on its site. ExamplePortal is not an outsourcing partner of ExampleNews. The user had previously visited ExamplePortal.com with DNT:1 enabled and read several stories about golf. ExamplePortal may serve an advertisement related to golf to that same user on ExampleNews. However, ExamplePortal may not use the fact that user went to ExampleNews to add to the user's ExamplePortal profile, and may only retain and use information about that fact for a permitted operational use.</li><br><li>A user visits Example Music with DNT:1 enabled to listen to recently released albums streamed online. Example Music uses the third party Example Social to provide a widget that shows users what their Example Social friends have done on ExampleMusic. ExampleSocial is ot an outsourcing partner of ExampleMusic. The user is a member of ExampleSocial and has several friends who also share information about what they do on ExampleMusic on ExampleSocial. ExampleSocial may display information that the users' friends had shared on ExampleSocial related to ExampleMusic within its third-party widget on ExampleMusic. However, ExampleSocial may not use the fact that user went to ExampleMusic to add to the user's ExampleSocial profile, and may only retain and use information about that fact for a permitted operational use.</li></ol></p></section></section>
+<section class="informative" id="first-party-example"><h6>Examples</h6><p><ol><li>A user visits ExampleNews.com with DNT:1 enabled to read a story about a national election. ExamplesNews uses the third party ExamplePortal to serve content and advertisements on its site. ExamplePortal is not an outsourcing partner of ExampleNews. The user had previously visited ExamplePortal.com with DNT:1 enabled and read several stories about golf. ExamplePortal may serve an advertisement related to golf to that same user on ExampleNews. However, ExamplePortal may not use the fact that user went to ExampleNews to add to the user's ExamplePortal profile, and may only retain and use information about that fact for a permitted operational use.</li><br /><li>A user visits Example Music with DNT:1 enabled to listen to recently released albums streamed online. Example Music uses the third party Example Social to provide a widget that shows users what their Example Social friends have done on ExampleMusic. ExampleSocial i not an outsourcing partner of ExampleMusic. The user is a member of ExampleSocial and has several friends who also share information about what they do on ExampleMusic on ExampleSocial. ExampleSocial may display information that the users' friends had shared on ExampleSocial related to ExampleMusic within its third-party widget on ExampleMusic. However, ExampleSocial may not use the fact that user went to ExampleMusic to add to the user's ExampleSocial profile, and may only retain and use information about that fact for a permitted operational use.</li></ol></p></section></section>
<section id="frequency-capping">
<h5>Frequency Capping</h5>
<p>Regardless of DNT signal, information may be collected, retained and used for limiting the number of times that a user sees a particular advertisement, often called "frequency capping".</p>
-<p class=option>In Seattle, we discussed specifically limiting how data was stored for frequency capping.<br><br>Server-side frequency capping is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's activity trail (page URIs on which the ads were delivered) aside from what is allowed for other permitted uses.</p>
+<p class=option>In Seattle, we discussed specifically limiting how data was stored for frequency capping.<br /><br />Server-side frequency capping is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's activity trail (page URIs on which the ads were delivered) aside from what is allowed for other permitted uses.</p>
-<Section class="informative" id="frequency-capping-example"><h6>Examples</h6>
+<section class="informative" id="frequency-capping-example"><h6>Examples</h6>
<p>A user visits ExampleNews with DNT:1 enabled. ExamplesNews uses the third party ExampleAds to serve content and advertisements on its site. ExampleAds is not an outsourcing partner of ExampleNews. ExampleAds has previously shown the user an ad for ExampleCars fives times in the past week on other sites. ExampleCars' contract with Example Ads states that Example Ads will be paid less for impressions where the user sees an ad more than five times in a week. ExampleAds may opt not to show the user the ad for ExampleCars because the user has already seen the ad five times on other sites.</p></section></section>
@@ -848,7 +854,8 @@
<section id="no-personalization">
<h5>No Personalization</h5>
-<p>Outside of Security and Frequency Capping, data retained for Permitted Uses MUST NOT be used to alter a specific user's online experience based on multi-site activity.</p></section><br>
+<p>Outside of Security and Frequency Capping, data retained for Permitted Uses MUST NOT be used to alter a specific user's online experience based on multi-site activity.</p>
+</section>
<!--
<p class="issue" data-number="24" title="Possible permitted use for fraud detection and defense"></p>
@@ -969,7 +976,7 @@
<!--
<p class="note">We have reviewed one audit proposal that we declined to adopt as mandatory, but there is significant support to include a flexible option to enable auditing. We may include a smaller-scoped proposal in the future, or may drop auditing all together.</p>
-->
-</section></section>
+</section>
</section></section>
<section id="acknowledgements">
<h1>Acknowledgements</h1>
@@ -987,8 +994,8 @@
<p>[KnowPrivacy</p>
<p>Joshua Gomez; Travis Pinnick; Ashkan Soltani. <a href="http://www.knowprivacy.org/report/KnowPrivacy_Final_Report.pdf">KnowPrivacy.</a> 1 June 2009. URL: <a href="http://www.knowprivacy.org/report/KnowPrivacy_Final_Report.pdf">http://www.knowprivacy.org/report/KnowPrivacy_Final_Report.pdf</a></p>
</section>
-</body>
<div id="toggle-widget">
<a href="#" id="toggle-button">Hide non-normative sections</a>
</div>
+</body>
</html>
Received on Friday, 17 August 2012 19:21:35 UTC