WWW/2011/tracking-protection/drafts EditorsStrawmanComp.html,1.3,1.4

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv19761

Modified Files:
	EditorsStrawmanComp.html 
Log Message:
Updated text for permitted uses and restructured/revised party definitions

Index: EditorsStrawmanComp.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/EditorsStrawmanComp.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- EditorsStrawmanComp.html	3 Jul 2012 22:08:33 -0000	1.3
+++ EditorsStrawmanComp.html	5 Jul 2012 21:17:22 -0000	1.4
@@ -151,7 +151,7 @@
 
 <section id="scope-and-goals">
 <h2>Scope and Goals</h2>
-	<p class="note">{NOTE: This section consists of proposed text that is meant to address <a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a> and is in active discussion. Currently, it satisfies no one. Like the introduction, we will revisit and finalize once the document is more complete.</p>
+	<p class=note>This section consists of proposed text that is meant to address <a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a> and is in active discussion. Currently, it satisfies no one. Like the introduction, we will revisit and finalize once the document is more complete.</p>
 	<p class="issue">{ISSUE:<a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a>: What are the underlying concerns? Why are we doing this?</p>
 	<p>While there are a variety of business models to monetize content on the web, many rely on advertising. Advertisements can be targeted to a particular user's interests based on information gathered about one's online activity. While the Internet industry believes many users appreciate such targeted advertising, as well as other personalized content, there is also an understanding that some people find the practice intrusive. If this opinion becomes widespread, it could undermine the trust necessary to conduct business on the Internet. This Compliance specification and a companion [[!!TRACKING-DNT]] specification are intended to give users a means to indicate their tracking preference and to spell out the obligations of compliant websites that receive the Do Not Track message. The goal is to provide the user with choice, while allowing practices necessary for a smoothly functioning Internet. This should be a win-win for business and consumers alike. The Internet brings millions of users and web sites togther in a vibrant and rich ecosystem. As the sophistication of the Internet has grown, so too has its complexity which leaves all but the most technically savvy unable to deeply understand how web sites collect and use data about their online interactions. While on the surface many web sites may appear to be served by a single entity, in fact, many web sites are an assembly of multiple parties coming together to power a user's online experience. As an additional privacy tool, this specification provides both the technical and compliance guidelines to enable the online ecosystem to further empower users with the ability to communicate a tracking preferences to a web site and its partners.</p>
 	<p>The accompanying <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-TRACKING-DNT">TRACKING-DNT</a> recommendation explains how a user, through a user agent, can clearly express a desire not to be tracked. This Tracking Compliance and Scope recommendation sets the standard for the obligations of a website that receives such a DNT message.</p>
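Review bot: The rewritten note paragraph at the top of "Scope and Goals" drops the quotes around the class value (`class=note`) and the `{NOTE:` prefix, while the ISSUE-6 paragraph directly below it still uses `class="issue"` with a `{ISSUE:` prefix, so two adjacent callouts are now marked up differently. Keep the quoted form `class="note"` to match the rest of the file, and either strip the `{ISSUE:` prefix in the same change or leave both prefixes in place until they can be removed together.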
@@ -162,29 +162,397 @@
 <h2>Definitions</h2>
 <p class="note">{NOTE:Editor's note: The definitions section is a strawman proposal from editors based on discussion in Seattle. Many sections are not yet consensus text. I am adding material based on in-person discussions as reflected in the minutes, mailing list text, and other sources. - Heather</p>
 
+<section id="def-user">
+<h3>User</h3>
+<p class="note">{NOTE:Editor's note: This definition is consensus or near-consensus text from the pre-Seattle draft.</p>
+
+<p>A user is an individual human. When user-agent software accesses online resources, whether or not the user understands or has specific knowledge of a particular request, that request is made "by" the user.</p>
+</section>
+
+<section id="def-user-agent">
+<h3>User Agent</h3>
+<p class="note">{NOTE:Editor's note: This definition is consensus or near-consensus text from the pre-Seattle draft, but there may be some debate on the definition.</p>
+
+<p>This specification uses the term user agent to refer to any of the various client programs capable of initiating HTTP requests, including but not limited to browsers, spiders (web-based robots), command-line tools, native applications, and mobile apps [<a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-HTTP11">HTTP11</a>].</p>
+</section>
+
 	<section id="def-parties">
 	<h3>Parties</h3>
-		<p class="note">{NOTE:Seattle consensus: Party size will be based on corporate ownership with a "discoverable" list of all of the affiliates acting as one entity. Previous options can be found in the last draft, section 3.2.</p>
-		<p class="note">{NOTE:Editor's note: Existing options for first and third party definitions have been removed. It's unclear that we need definitions for &lsquo;parties' and &lsquo;first and third parties' - so I have merged them. Easy enough to unmerge. - Heather to polish language</p>
-		<p>A party is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person.</p>
-		<p>For unique corporate entities to qualify as a common party with respect to this standard, those entities MUST be commonly owned and commonly controlled (Affiliates) and MUST provide &ldquo;easy discoverability&rdquo; of affiliate organizations.  An &ldquo;Affiliate List&rdquo; MUST be provided within one click from each page or the entity owner clearly identified within one click from each page.  </p>
-		<p><i>Example:</i> A clear labeled link to the Affiliate List within the privacy policy would meet this requirement or the ownership brand clearly labeled on the privacy policy itself.</p>
-		<p class="note">{NOTE: Previous non-normative text for similar discoverable affiliates text read "This may be accomplished in many ways, including but not limited to, prominent and common branding on site pages, "one click away" within Privacy Policies, and, if available, a programmatic list of domains that share common ownership (affiliation)."</p>
-		<p>A First Party is the party that owns the Web site or has control over the Web site the user visits. A party may start out as a third party but become a first party later on, after the user meaningfully interacts with it.</p>
-	</section>
+		<h2>Definitions</h2>
+A <dfn>functional entity</dfn> is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person.
+<br/><br/>
+Functional entities are <dfn>affiliated</dfn> when they are related by both common majority ownership and common control.
+<br/><br/>
+A <dfn>party</dfn> is a set of functional entities that are affiliated.
+
+  <section>
+<h2>Transparency</h2>
+<section>
+<h2>Requirement</h2>
+A <a>functional entity</a> must make its <a>affiliated</a> functional entities easily discoverable by a user.
+</section>
+<section>
+<h2>Non-Normative Discussion</h2>
+Affiliation may be made easily discoverable by prominent and common branding by a functional entity of affiliation on its webpages, within a privacy policy linked from its webpages, or a machine-readable format in a well-known location.
+</section></section>
 
 	<section id="def-service-providers">
-	<h3>Service Providers/Outsourcers</h3>
-		<p class="note">{NOTE:Editor's note: Added definition here since it is more appropriate than in compliance section. Clarified language.</p>
-		<p>Service Providers acting on the behalf of a First Party, and with no independent rights to use the First Party's data outside of the context of that First Party and Permitted Uses, are also considered a First Party.</p>
-		<p>It is possible to have multiple first parties on a single page but each party must provide clear branding and a link to their respective privacy policy (co-branded experience).</p>
-		<p class="c11 c0"></p>
-		<p>A Third Party is any party other than a First Party, Service Provider, or a user.</p>
-	</section>
+	<h4>Service Providers/Outsourcers</h4>
+	
+	<p class=note>This section was taken largely from the combo draft Aleecia shared is Seattle, which was based an expansion of the Mayer pre-Seattle draft to allow for outsourcing by both first and third parties. I am not sure there is consensus around this proposal.</p>
+<p>This section applies to parties engaging in an outsourcing relationship, wherein one party "stands in the shoes" of another party to perform a specific task. Both parties have responsibilities, as detailed below.</p>
+
+<p>
+	A <a>first party</a> or a <a>third party</a> MAY outsource functionality to another <a>party</a>, in which case the <a>third party</a> may act as the original <a>first party</a> or <a>third party</a> under this standard, with the following additional restrictions:
+</p>
+<ul>
+	<li> Data collected by each outsourced company is separated for each party they collect data for by both technical means and organizational process, AND </li>
+	<li> The outsourced company has no independent rights to the collected information, AND </li>
+	<li>  A contractual relationship exists between the outsourced and the party they collect data for that outlines and mandates these requirements. </li>
+	</ul>
+
+<p>An outsourced company acting on the behalf of another party is subject to all of the same restrictions on that party (for First or Third party, as appropriate.)</p>
+
+<section class="informative">
+	<h2>Non-Normative</h2>
+	<p>Outsourced companies that act purely as vendors for their customers (often first parties in this context) are not the intended target for the Tracking Preference Expression but it is important there are no unintended activities that are extended to another party through this allowance. In all cases, its expected an outsourced company acting on the part of a customer follows all of the same restrictions placed on that customer.</p>
+ 
+	<p>For the data separation requirement, outsourced companies have technical options to achieve appropriate separation but in each the critical element is that data is never reconstituted for users that have indicated a preference not to be tracked. One possible approach would be to leverage a per partner hash against a common cookie identifier, ensuring the resulting identifier is consistent for a specific customer, but is unable to be linked with another customer’s identifier.</p>
+ 
+	<p>Contractual requirements that enforce data rights and responsibilities for separation are a critical element of establishing an outsourcer acting on another party’s behalf. Contracts may occur directly through parties (for example, a Publisher in an Ad Network) or between intermediaries (for example, an Ad Network acting through an Ad Exchange). In either case, data separation and removal of independent rights are necessary elements that must survive intermediary contractual constructs.</p>	
+	</section> <!-- closes non-normative, h2 -->	
+
+  <section>
+	<h2>Technical Precautions</h2>
+<p>
+	Throughout all data <a>collection</a>, <a>retention</a>, and <a>use</a>, outsourced parties MUST use all feasible technical precautions to both mitigate the identifiability of and prevent the identification of data from different first parties.
+</p>
+	
+<p>
+	Structural separation ("siloing") of data per first party, including both
+<ol>
+	<li>separate data structures and</li>
+	<li>avoidance of shared unique identifiers</li>
+</ol>
+
+<p>
+are necessary, but not necessarily sufficient, technical precautions.
+</p>  
+	</section> <!-- closes technical precautions, h2 -->
+  
+  <section class="informative">
+	<h2>Non-Normative Discussion</h2>
+  		<section>
+			<h3>Siloing in the Browser</h3>
+<p>
+	Outsourcing services should use browser access control features so that stored data specific to one party is never accessed or collected when the user visits another party.
+</p>
+  				
+  		<section>
+			<h4>Same-Origin Policy</h4>
+<p>
+	The same-origin policy silos stored data by domain name.  An outsourcing service can use a different domain name for each first party.
+</p>
+
+	<pre class="example">
+	Example Analytics provides an outsourced analytics service to Example News
+	and Example Sports, two unrelated websites. Example Analytics stores its
+	cookies for Example News at examplenews.exampleanalytics.com, and it
+	stores its cookies for Example Sports at
+	examplesports.exampleanalytics.com.
+	</pre>
+  			</section> <!-- closes same origin policy, h4 -->
+
+			<section>
+				<h4>Cookie Path Attribute</h4>
+<p>
+	The HTTP cookie path can be used to silo data to a first party.
+</p>
+
+	<pre class="example">
+	Example Analytics stores its cookies for Example News with
+	"Path=/examplenews", and it stores its cookies for Example Sports with
+	"Path=/examplesports".
+	</pre>
+	
+			</section> <!-- closes cookie path attribute, h4 -->
+
+			<section>
+				<h4>Storage Key</h4>
+<p>
+	For key/value storage APIs, such as Web Storage and Indexed Database, an outsourcing service can use a different key or key prefix for each first party.
+	<pre class="example">
+	Example Analytics stores data for Example News at
+	window.localStorage["examplenews"] and data for Example Sports at
+	window.localStorage["examplesports"].
+	</pre>
+				</section> <!-- closes storage key, h4 -->
+  		</section> <!-- closes siloing in the browser, h3 -->
+  		
+  		<section>
+			<h3>Siloing in the Backend</h3>
+  				<section>
+					<h4>Encryption Keys</h4>
+<p>
+	An outsourcing service should encrypt each <a>first party</a>'s data with a different set of keys.
+</p>	
+  				</section> <!-- closes encryption keys, h4 -->
+  
+  			<section>
+  				<h4>Access Controls</h4>
+<p>
+	An outsourcing service should deploy access controls so that only authorized personnel are able to access siloed data, and only for authorized purposes.
+</p>
+  			</section> <!-- closes access controls, h4 -->
+
+  			<section>
+  				<h4>Access Monitoring</h4>
+<p>
+	An outsourcing service should deploy access monitoring mechanisms to detect improper use of siloed data.</p>
+  			</section> <!-- closes access monitoring, h4 -->
+		</section> <!-- closes siloing in the Backend, h3 -->
+
+			<section>
+				<h3>Retention in the Backend</h3>
+<p>
+	An outsourcing service should <a>retain</a> information only so long as necessary to provide necessary functionality to a first party. If a service creates periodic reports, for example, it should delete the data used for a report once it is generated. An outsourcing service should be particularly sensitive to retaining protocol logs, since they may allow correlating user activity across multiple first parties.
+</p>
+			</section> <!-- closes retention in the backend, h3 -->
+  </section> <!-- closes Non-Normative Discussion, h2 -->
+ 
+  <section> 	 
+	<h2>Internal Practices</h2>
+<p>
+	Throughout all data collection, retention, and use, outsourced parties MUST use sufficient internal practices to prevent the identification of data from different parties.
+</p>
+
+		<section class="informative">
+			<h3>Non-Normative Discussion</h3>
+				<section>
+					<h4>Policy</h4>
+<p>
+	An outsourcing service should establish a clear internal policy that gives guidance on how to <a>collect</a>, <a>retain</a>, and <a>use</a> outsourced data in compliance with this standard.
+</p>
+				</section>  <!-- closes policy, h4 -->
+
+				<section>
+					<h4>Training</h4>
+<p>
+	Personnel that interact with outsourced data should be familiarized with internal policy on compliance with this standard.
+</p>
+				</section> <!-- closes Training, h4 -->
+
+				<section>
+					<h4>Supervision and Reporting</h4>
+<p>
+	An outsourcing service should establish a supervision and reporting structure for detecting improper access.
+</p>
+				</section> <!-- closes supervision and reporting, h4 -->
+				
+				<section>
+					<h4>Auditing</h4>
+<p>
+	External auditors should periodically examine an outsourcing service to assess whether it is in compliance with this standard and has adopted best practices.  Auditor reports should be made available to the public.
+</p>
+
+				</section> <!-- closes auditing, h4 -->
+			</section> <!-- closes non-normative discussion, h3 -->
+	</section> <!-- closes internal practices, h2 -->
+
+	<section>
+		<h2>Use Direction</h2>
+<p>
+	An outsourced service:
+</p>
+
+<ol>
+	<li>MUST <a>use</a> data <a>retained</a> on behalf of a <a>party</a> ONLY on behalf of that <a>party</a>, and</li>
+	<li>MUST NOT <a>use</a> data <a>retained</a> on behalf of a <a>party</a> for their own business purposes, or for any other reasons.</li>
+</ol>
+
+	</section> <!-- closes use direction, h2 -->
+	
+  <section>
+	<h2>First Party or Third Party Requirements</h1>
+  		<section>
+			<h3>Representation</h3>
+<p>
+	A <a>party</a>'s representation that it is in compliance with this standard includes a representation that its outsourcing parties comply with this standard.
+</p>
+  		</section> <!-- closes representation, h3 -->
+  		
+  <section>
+  		<h3>Contract</h3>
+<p>
+	A <a>first party</a> MUST enter into a contract with an outsourced party that requires that outsourced party to comply with these requirements.
+</p>
+  		</section> <!-- closes contract, h3 -->
+	</section> <!-- closes first or third party requirements, h2 -->
+	</section></section>
+	
+	<section id="first-third-parties">
+	<h3>First and Third Parties</h3>
+	
+	<section><h4>Definitions</h4>
+
+<p>A <dfn>first party</dfn> is any <a>party</a>, in a specific <a>network interaction</a>,
+  that can infer with high probability that the user knowingly and
+  intentionally communicated with it. Otherwise, a party is a third
+  party.</p> 
+
+<p>A <dfn>third party</dfn> is any <a>party</a>, in a specific <a>network interaction</a>,
+  that cannot infer with high probability that the user knowingly and
+  intentionally communicated with it.</p> 
+
+   </section>
+   <section>
+<h2>Non-Normative Discussion</h2>
+
+<section>
+<h2>Overview</h2>
+
+<p>We draw a distinction between those parties an ordinary user would
+  or would not expect to share information with, "first parties" and
+  "third parties" respectively.  The delineation exists for three
+  reasons.</p> 
+
+<p>First, when a user expects to share information with a party,
+  she can often exercise control over the information flow. 
+  Take, for example, Example Social, a popular
+  social network.  The user may decide she does not like Example
+  Social's privacy or security practices, so she does not visit
+  examplesocial.com.  But if Example Social provides a social sharing
+  widget embedded in another website, the user may be unaware she is
+  giving information to Example Social and unable to exercise control
+  over the information flow.</p> 
+
+<p>Second, we recognize that market pressures are an important factor
+  in encouraging good privacy and security practices.  If users do not
+  expect that they will share information with an organization, it is
+  unlikely to experience market pressure from users to protect the security
+  and privacy of their information.  In practice, moreover, third parties
+  may not experience sufficient market pressure from first parties
+  since increasingly third parties do not have a direct business relationship
+  with the first party websites they appear on.  We therefore
+  require a greater degree of user control over information sharing
+  with such organizations. </p> 
+
+<p>Last, third parties are often in a position to collect a sizeable
+  proportion of a user's browsing history – information that can be
+  uniquely sensitive and easily associated with a user's identity.  We
+  wish to provide user control over such information flows.</p> 
+
+<p>We recognize that, unlike with a bright-line rule, there can be
+  close calls in applying our standard for what constitutes a first
+  party or a third party.  But we believe that in practice, such close
+  calls will be rare.  The overwhelming majority of content on the web
+  can be classified as first party or third party, with few cases of ambiguity 
+  in practice.</p> 
+
+<p>We require a confidence at a "high probability" before a party can
+  consider itself a first party.  Where there is reasonable ambiguity
+  about whether a user has intentionally interacted with a party, it
+  must consider itself a third party.  Our rationale is that, in
+  the rare close cases, a website is in the best position to understand
+  its users' expectations.  We therefore impose the burden of
+  understanding user expectations on the website.  We also wish, in
+  close cases, to err on the side of conforming to user expectations
+  and protecting user privacy.  If the standard is insufficiently
+  protective, ordinary users have limited recourse; if the standard 
+  imposes excessive limits, websites retain the safety valve of explicitly
+  asking for user permission.</p> 
+  
+  <p>In some cases, web requests are redirected through intermediary domains, 
+such as url shorteners or framing pages, before eventually delivering 
+the content that the user was attempting to access.  The operators of 
+these intermediary domains are third parties, unless they are a common 
+party to the operator of either the referring page or the eventual 
+landing page.</p>
+  
+<p><i>Examples</i></p>
+<ol>
+<li>A user accesses an Example News article.  The page includes an
+  advertisement slot, which loads content from many companies other
+  than Example News.  Those companies are third parties.</li> 
+<li> A user accesses an Example News article. The page includes an
+  analytics script that is hosted by Example Analytics, an analytics
+  service.  Example Analytics is a third party.</li> 
+<li> A user accesses an Example News article.  It includes a social
+  sharing widget from Example Social, a popular social network.
+  Example Social is a third party.</li> 
+<li> A user visits Example Diary, which is hosted by the free blogging
+  service Example Blog Hosting but located at examplediary.com.  Example
+  Blog Hosting is a third party.</li>
+<li> A user launches Example Application, an app on a mobile device.
+  The app includes a library from Example Advertising Network that displays
+  ads. Example Advertising Network is a third party.</li>
+<li>A user visits Example Social and sees the language: "Check out this 
+Example News article on cooking: sho.rt/1234".  The user clicks the link 
+which directs the user to a page operated by the company Example Sho.rt 
+which then redirects the user to a page operated by Example News.   
+Example Social and Example News and first parties, and Example Sho.rt is 
+a third party.</li>
+<li> A user visits Example Social and sees a hyperlink reading: "Check out 
+this Example News article on cooking."  A user clicks the link which 
+points to framing.com/news1234.  This page loads nothing but a frame 
+which contains the cooking article from Example News, but all links are 
+rewritten to pass through framing.com which is operated by Example 
+Framing.  Example Social and Example News are first parties and Example 
+Framing is a third party.</li>
+</ol></section>
+
+   <section>
+<h1>Multiple First Parties</h1>
+<p>There will almost always be only one party that the average user would
+expect to communicate with: the provider of the website the user has
+visited.  But, in rare cases, users may expect that a website is
+provided by more than one party.  For example, suppose Example Sports,
+a well known sports league, collaborates with Example
+Streaming, a well known streaming video website, to provide content at
+www.examplesportsonexamplestreaming.com.  The website is prominently advertised
+and branded as being provided by both Example Sports and Example Streaming.  An ordinary
+user who visits the website may recognize that it is operated by both Example Sports and
+Example Streaming.</p>
+   </section>
+   
+   <section>
+<h1>User Interaction with Third-Party Content</h1>
+<p>A party may start out as a third party but become a first party
+  later on, after a user interacts with it. If content from a third
+  party is embedded on a first party page, the third party may become
+  an additional first party if it can infer with high probability that
+  the average user knowingly and intentionally communicated with it.
+  If a user merely moused over, closed, or muted third-party content,
+  the party would not be able to draw such an inference. </p>
+
+ 
+<p><i>Examples</i></p>
+
+<ol><li>Example Weather offers an unbranded weather widget
+  that is embedded into websites, including Example News.  The widget
+  contains small links to Example Weather's website and privacy
+  policy.  A user visits Example News and scrolls through the weekly
+  forecast in the Example Weather widget. Example Weather is a third party. The user has
+  interacted with Example Weather's widget, but an ordinary user would
+  not expect that scrolling through the widget involves communicating
+  with Example News.</li>
+<li>Example Social, a popular social network, hosts a
+  social sharing button that other websites can embed.  The button is
+  colored and styled in the same fashion as Example Social's website,
+  contains descriptive text that is specific to Example Social,
+  includes Example Social's logo, and very frequently appears on
+  Example Social's website.  Example News embeds the Example Social
+  button, and a user clicks it. Example Social is a first party once the user clicks its
+  embedded social sharing button.  The average user would understand that by
+  clicking the button she is communicating with Example Social.</li></ol>
+ 
+ </section>
+ </section>
+ </section>
 
 	<section id="def-unident">
 	<h3>Unidentified Data</h3>
-		<p class="note">{NOTE:Editor's note: It is not yet clear what the correct term for this kind of data is. Unlinkable, unlinked, unidentified are all open options.</p>
+		<p class=note>There is debate about whether to use the terms unlinkable, unlinked, or unidentified to describe this type of data.</p>
 		<p>A dataset is un-linkable when commercially reasonable steps have been taken to de-identify data such that there is confidence that it contains information which could not be linked to a specific user, user agent, or device in a production environment, and which the entity will commit to make no effort to re-identify, and prohibit downstream recipients of un-linkable data from re-identifying it.</p>
 		<p class="note">{NOTE: Un-linkable Data is outside of the scope of the Tracking Preference standard as information is no longer reasonably linked to a particular user, user agent, or device. </p>
 		<p class="informative">{NON-NORM:Non-normative explanatory text:  There are many valid and technically appropriate methods to de-identify or render a data set "un-linkable".  In all cases, there should be confidence the information is not easily reverted to a "linkable" state.</p>
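Review bot: Under "Siloing in the Browser", the Cookie Path Attribute and Storage Key examples are offered as ways to satisfy "use browser access control features so that stored data specific to one party is never accessed or collected when the user visits another party", but neither is an access-control boundary. The cookie Path attribute only scopes which requests carry a cookie and cannot be relied on to isolate paths on one host, and every localStorage key in an origin is readable by any script running in that origin. Only the per-first-party domain example under "Same-Origin Policy" gets browser-enforced separation; describe the other two as naming conventions that depend on the service's own code, or drop them. In the same hunk, the non-normative suggestion of "a per partner hash against a common cookie identifier" sits uneasily with the Technical Precautions item "avoidance of shared unique identifiers", since every per-partner value is derived from one shared identifier; state what keeps the derivation from being reproduced across partners, or reconcile the two passages. Markup: `<h2>First Party or Third Party Requirements</h1>` closes with the wrong tag, the `<p>` before the siloing `<ol>` and the `<p>` before the Storage Key `<pre>` are never closed, a second `<h2>Definitions</h2>` is added under `<h3>Parties</h3>`, and heading levels in the new sections jump between h1 and h4. Text: example 6 reads "Example Social and Example News and first parties", and the Example Weather example ends with "communicating with Example News" where the reasoning concerns Example Weather.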
@@ -257,26 +625,12 @@
 		</section>
 	</section>
 
-<section id="FIXME">
+<section id="def-interaction">
 <h3>Meaningful Interaction</h3>
 <p class="note">{NOTE:Editor's note: This definition is consensus or near-consensus text from the pre-Seattle draft. Wording needs polish to ensure it works with accessibility issues, but other than minor edits this is agreed upon.</p>
 <p>"Meaningful Interaction" with a widget or window initially presented on a third-party basis means clicking on such content (except to stop, close, silence, or otherwise impair the rendering of such content) or otherwise affirmatively engaging with the content in a manner that would reasonably be interpreted to express an affirmative intention to interact with that party. A user merely moving her cursor across the widget or window does not constitute "meaningful interaction."</p>
 </section>
 
-<section id="def-user">
-<h3>User</h3>
-<p class="note">{NOTE:Editor's note: This definition is consensus or near-consensus text from the pre-Seattle draft.</p>
-
-<p>A user is an individual human. When user-agent software accesses online resources, whether or not the user understands or has specific knowledge of a particular request, that request is made "by" the user.</p>
-</section>
-
-<section id="def-user-agent">
-<h3>User Agent</h3>
-<p class="note">{NOTE:Editor's note: This definition is consensus or near-consensus text from the pre-Seattle draft, but there may be some debate on the definition.</p>
-
-<p>This specification uses the term user agent to refer to any of the various client programs capable of initiating HTTP requests, including but not limited to browsers, spiders (web-based robots), command-line tools, native applications, and mobile apps [<a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-HTTP11">HTTP11</a>].</p>
-</section>
-
 <section id="editorsnotes-def">
 <h3>Editor's Drafting Notes</h3>
 <p class="issue">{ISSUE:<a href="http://www.w3.org/2011/tracking-protection/track/issues/97">ISSUE-97</a> : A special rule for URL-shortening services remains an open issue and is not addressed in the proposal put forward in 3.2 through 3.4.</p>
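Review bot: The section renamed from `id="FIXME"` to `id="def-interaction"` still defines "Meaningful Interaction", but the party text this commit removes was the line that used the term ("after the user meaningfully interacts with it"), and the new First and Third Parties text speaks of inferring "with high probability" instead, so the definition may be left without a normative user. Either reference the defined term from the new "User Interaction with Third-Party Content" text or fold this definition into it. With the User and User Agent sections removed from this position, also confirm that "the proposal put forward in 3.2 through 3.4" in the ISSUE-97 note still points at the intended sections.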
@@ -299,12 +653,14 @@
 
 <p>The First Party must not pass information about this transaction to non-service provider third parties who could not collect the data themselves under this Recommendation.  </p>
 </section>
+
 <section id="user-agent-compliance">
 <h3>User Agent Compliance</h3>
 <p>A user agent MAY offer a control to express a tracking preference to third parties.  The control MUST communicate the user's preference in accordance with the [[!!TRACKING-DNT]] recommendation and otherwise comply with that recommendation.  A user agent MUST NOT express a tracking preference for a user unless the user has interacted with the user agent in such a way as to indicate a tracking preference.</p>
 <p>We do not specify how tracking preference choices are offered to the user or how the preference is enabled: each implementation is responsible for determining the user experience by which a tracking preference is enabled. For example, a user might select a check-box in their user agent's configuration, install an extension or add-on that is specifically designed to add a tracking preference expression, or make a choice for privacy that then implicitly includes a tracking preference (e.g., "Privacy settings: high"). Likewise, a user might install or configure a proxy to add the expression to their own outgoing requests.</p>
 <p class="option">NOTE: Shane's proposal has suggested the additional compliance requirements of user agents:<br>1. A User Agent must obtain explicit, informed consent to turn on the DNT header<br>2. The User Agent must also make available via a link in explanatory text where DNT is enabled to provide more detailed information about DNT functionality<br>3. Any User Agent claiming compliance must have a functional implementation of the browser exceptions in this specification</p>
 </section>
+
 <section id="third-party-compliance">
 <h3>Third Party Compliance</h3>
 <p class="note">NOTE: This language was the more general of the two previous options in the draft. The other text was more specific and prescriptive with regard to identifers --- this view is now presented as an option in the permitted collection and usage for operational use.</p>
@@ -368,39 +724,47 @@
 <section id=contextual>
 <h5>Contextual Content or Ad Delivery</h5>
 
-<p class="note">To be added later</p></section>
+<p>The display of contextual content or advertisements, including content or advertisements based on the first-party domain that the user visited.</p>
+
+<p><i>Examples</i></p>
+
+<p class=informative><ol><li>A user visits ExampleSports.com with DNT:1 enabled to read a news article about a baseball game.  ExampleSports uses the third party ExampleAds to serve ads on ExampleSports.com.  ExampleAds is not an outsourcing partner of ExampleSports, and often uses third-party behavioral data to serve targeted ads to users who have not enabled DNT:1.  ExampleAds may collect and use inforation about the user in order to render an advertisement (including IP address and information about the user agent) and information about the url of the news article in order to render an advertisement related to the baseball game.</li><br><li>A user visits ExampleLocalNews.com with DNT:1 enabled to read a news article about a local fire.  ExampleLocalNews uses the third party ExampleWeather to display a weather widget on its site.  ExampleWeather is not an outsourcing partner of ExampleLocalNews.  ExampleWeather may collect and user information about the user in order to render the weather widget (includig IP address and information about the user agent) and information about the domain of the news site in order to render weather information related to the city which ExampleLocalNews reports on.</li><br></ol></p>
+
+<p class=option>The display of content or advertisements based in part of data that the third party previously collected from the user when acting as a first party.</p>
+
+<p class=informative><i>Examples</i><br><ol><li>A user visits ExampleNews.com with DNT:1 enabled to read a story about a national election.  ExamplesNews uses the third party ExamplePortal to serve content and advertisements on its site.  ExamplePortal is not an outsourcing partner of ExampleNews.  The user had previously visited ExamplePortal.com with DNT:1 enabled and read several stories about golf.  ExamplePortal may serve an advertisement related to golf to that same user on ExampleNews.  However, ExamplePortal may not use the fact that user went to ExampleNews to add to the user's ExamplePortal profile, and may only retain and use information about that fact for a permitted operational use.</li><br><li>A user visits Example Music with DNT:1 enabled to listen to recently released albums streamed online.  Example Music uses the third party Example Social to provide a widget that shows users what their Example Social friends have done on ExampleMusic.  ExampleSocial is not an outsourcing partner of ExamleMusic.  The user is a member of ExampleSocial and has several friends who also share information about what they do on ExampleMusic on ExampleSocial. ExampleSocial may display information that the users' friends had shared on ExampleSocial related to ExampleMusic within its third-party widget on ExampleMusic.  However, ExampleSocial may not use the fact that user went to ExampleMusic to add to the user's ExampleSocial profile, and may only retain and use information about that fact for a permitted operational use.</li></ol></p></section>
 
 <section id="frequency-capping">
 <h5>Frequency Capping</h5>
 
-<p class="note">Text is based on breakout group discussion, and large group presentation, at the Seattle meeting.</p>
+<p>Limiting the number of times that a user sees a particular advertisement.</p>
 
-<p>Server-side frequency capping is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's activity trail (page URIs on which the ads were delivered) aside from what is allowed for other permitted uses.</p>
-<p class="note">{NOTE:Editor's note: It's unclear whether this should be a highly specific permitted use, or more general guidelines around content delivery.</p>
-<p class="note">{NOTE: Data should not include a full URL trail for this permitted use, but rather simple campaign tracking.</p>
+<p><i>Example</i></p>
 
-<p class="informative">{NON-NORM:Non-normative explanatory text:  Restricting the number of times a user agent displays ads prevents a user from having to see repetitive ads, prevents publishers from displaying repetitive ads, and prevents advertisers from harming the reputation of their clients.  Examples of important data uses include, but are not limited to reach and frequency metrics, ad performance, logging the number and type of advertisements served on a particular Web site(s), and reporting.</p></section>
+<p class=informative>A user visits ExampleNews with DNT:1 enabled.  ExamplesNews uses the third party ExampleAds to serve content and advertisements on its site.  ExampleAds is not an outsourcing partner of ExampleNews.  ExampleAds has previously shown the user an ad for ExampleCars fives times in the past week on other sites.  ExampleCars' contract with Example Ads states that Example Ads will be paid less for impressions where the user sees an ad more than five times in a week.  ExampleAds may opt not to show the user the ad for ExampleCars because the user has already seen the ad five times on other sites.</p>
+
+<p class=option>In Seattle, we discussed specifically limiting how data was stored for frequency capping.<br><br>Server-side frequency capping is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's activity trail (page URIs on which the ads were delivered) aside from what is allowed for other permitted uses.</p></section>
 
 <section id=financial-logging">
 <h5>Financial Logging and Auditing</h5>
 
-<p class="note">{NOTE:Editor's note: Text is based on breakout group discussion, and large group presentation, at the Seattle meeting.</p>
+<p>For financial fulfillment purposes such as billing and audit compliance.  This includes counting and verifiying:<ul><li>ad impressions to unique visitors</li><li>clicks by unique visitors</li><li>subsequent action or conversion by unique visitors</li><li>quality measures such as ad position on sites and the sites on which the ads were served</li></p>
 
-<p>Data MAY be collected and used for the limited purpose of financial fulfillment such as billing and audit compliance.  This purpose is strictly necessary for the continued operation of most websites and requires uniqueness to prove user interactions (ad impression and ad click) were indeed achieved as billed for.</p>
-<p class="note">{NOTE: All existing contracts may be honored as part of a phase-in process. New contracts should keep this permitted use in mind. Contracts should not be used to create a work-around for compliance with this draft.</p>
+<p><i>Examples</i></p>
 
-<p class="informative">{NON-NORM:Non-normative explanatory text: Typically all relevant advertising order criteria is necessary for retention of ad interactions.   </p>
-<p>Examples of data uses include, but are not limited to:</p>
-<ol start="1"><li>Ad Impression verification (CPM)</li><li>Ad Click verification (CPC)</li><li>Site Conversion associated with Ad Impression or Ad Click (CPA)</li><li class="c0 c1">Quality Measures such as ad position (location on page, above/below fold) and site the ad was served on (high quality vs. low quality content association)</li></ol><p></p></section>
+<p class=note>Add examples for display verification, click verification, CPA, quality measures</p></section>
 
-<section id=security">
+<p class=option>One potential compromise on the unique identifier issue for logging would be grandfather in existing contracts that require unique, cookie-based counting. New contracts would not be able to require that ad networks use cookies (or other unique identifiers) to uniquely count users who have DNT:1 enabled.</p>
+
+<section id="security">
 <h5>Security and Fraud Prevention</h5>
 
-<p class="note">{NOTE:Editor's note: Text is based on breakout group discussion, and large group presentation, at the Seattle meeting.</p>
-<p>Data MAY be collected, maintained and used for the express purpose of detecting security risks and fraudulent activity, defending from attacks and fraud, and maintaining integrity of the service. This includes data reasonably necessary for enabling authentication/verification, detecting hostile transactions and attacks, providing fraud prevention, and maintaining system integrity.</p>
-<p class="note">{NOTE: While it is hard to determine in advance what data will be needed for security and fraud protection, it is worth careful consideration how to best collect only useful information for these purposes.</p>
+<p>For detecting security risks and fraudulent activity, defending from attacks and fraud, and maintaining integrity of the service.  This includes data reasonably necessary for enabling authentication/verification, detecting hostile transactions and attacks, providing fraud prevention, and maintaining system integrity.</p>
+<p class=note>While it is hard to determine in advance what data will be needed for security and fraud protection, it is worth careful consideration how to best collect only useful information for these purposes.</p>
 
-<p class="informative">{NON-NORM:Non-normative explanatory text: Restricting security and fraud detection and defense efforts could harm users.  We do not want to mistakenly turn Do Not Track into a signal for user vulnerability.</p></section>
+<p class="informative">Non-normative explanatory text: Restricting security and fraud detection and defense efforts could harm users.  We do not want to mistakenly turn Do Not Track into a signal for user vulnerability.</p>
+<p><i>Examples</i></p>
+<p class=note>Add examples</p></section>
 
 <section id=debugging>
 <h5>Debugging</h5>
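
Review bot: In the financial-logging section the added </section> sits at the end of the "Add examples for display verification, click verification, CPA, quality measures" note, so the new <p class=option> about grandfathering existing contracts lands outside any section, between financial-logging and security; move the </section> to the end of that option paragraph. In the same section the <ul> opened in the "For financial fulfillment purposes" paragraph is never closed and is nested inside a <p>, and the contextual examples nest <ol> inside <p class=informative> the same way; close the list and put the lists after the paragraph rather than inside it. The unchanged line <section id=financial-logging"> still carries the stray quote that this revision corrects for id="security". The replacement text also drops the "Data MAY be collected" sentences in favour of fragments such as "For detecting security risks and fraudulent activity", so these permitted uses no longer carry a normative keyword; please confirm that is intended or restore the MAY wording.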

Received on Thursday, 5 July 2012 21:17:27 UTC