W3C home > Mailing lists > Public > public-tracking-commit@w3.org > September 2012

WWW/2011/tracking-protection/drafts tracking-dnt.html,1.159,1.160

From: David Singer via cvs-syncmail <cvsmail@w3.org>
Date: Fri, 07 Sep 2012 16:05:26 +0000
To: public-tracking-commit@w3.org
Message-Id: <E1TA13e-0006Iz-L5@lionel-hutz.w3.org>
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv23997

Modified Files:
Log Message:
added section to complete action-226, and added Rob to acknowledgments

Index: tracking-dnt.html
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.159
retrieving revision 1.160
diff -u -d -r1.159 -r1.160
--- tracking-dnt.html	29 Aug 2012 16:32:50 -0000	1.159
+++ tracking-dnt.html	7 Sep 2012 16:05:24 -0000	1.160
@@ -1761,7 +1761,66 @@
+	  <section id="transitive-exceptions">
+	    <h2>Transfer of an exception to another third party</h2>
+	    <p>A site may request an exception for one or more third party services used in 
+			conjunction with its own offer. Those third party services may wish to use 
+			other third parties to complete the request in a chain of interactions. The 
+			first party will not necessarily know in advance whether a known third party 
+			will use some other third parties.</p>
+		<p>If a user-agent sends a tracking exception to a given combination of origin 
+			server and a named third party, the user agent will send DNT:0 to that named 
+			third party. By receiving the DNT:0 header, the named third party acquires 
+			the permission to track the user agent and collect the data and process it 
+			in any way allowed by the legal system it is operating in.</p>
+		<p>Furthermore, the named third party receiving the DNT:0 header acquires at 
+			least the right to collect data and process it for the given interaction and 
+			any secondary use unless it receives a DNT:1 header from that particular 
+			identified user agent.</p>
+		<p>The named third party is also allowed to transmit the collected data for 
+			uses related to <strong>this</strong> interaction to its own 
+			sub-services and sub-sub-services (transitive permission). 
+			The tracking permission request triggered 
+			by the origin server is thus granted to the named third party and its 
+			sub-services. This is even true for sub-services that would normally receive a 
+			DNT:1 web-wide preference from the user-agent if the user agent  
+			interacted with this service directly.</p>
+		<p>For advertisement networks this typically would mean that the collection and 
+			auction system chain can use the data for that interaction and combine it 
+			with existing profiles and data.  The sub-services to the named third party 
+			do not acquire an independent right to process the data for independent 
+			secondary uses unless they have, themselves, obtain a DNT:0 
+			header from the user agent (by their own request or the request of 
+			a first-party). In our example of advertisement networks that 
+			means the sub-services can use existing profiles in combination with the 
+			data received, but they can not store the received information into a 
+			profile until they have received a DNT:0 of their own. </p>
+		<p>A named third party 
+			acquiring an exception with this mechanism MUST make sure that sub-services 
+			it uses acknowledge this constraint by requiring the use of the appropriate 
+			tracking status <a href="#tracking-status-value">value</a> 
+			and <a href="#status-qualifier-value">qualifier</a>, which is "XX"
+			(such as "tl"), from its sub-sub-services.</p>
+		<p>The permission acquired by the DNT mechanism does not override retention 
+			limitations found in the legal system the content provider or the named 
+			third party are operating in.</p>
+		<p class="issue">When the status values and qualifiers are fixed, the 
+			penultimate paragraph will probably need adjusting to match.  The use of "tl" 
+			(which meant "tracking but only in accordance with local laws" when this text 
+			was written) doesn't seem right, as the text talks, essentially, of 
+			the sub-sub-service acting on behalf of the site that received the 
+			DNT:0 header, which might suggest something more like "CS" 
+			(service provision to a third-party that received consent).</p>
+	  </section>
       <section id="exceptions-ui" class="informative">
         <h2>User interface guidelines</h2>
@@ -1892,6 +1951,7 @@
         and around the W3C Tracking Protection Working Group, along with
         written contributions from
         Nick&nbsp;Doty (W3C/MIT),
+        Rob&nbsp;van&nbsp;Eijk (Invited Expert),
         Roy&nbsp;T.&nbsp;Fielding (Adobe),
         Tom&nbsp;Lowenthal (Mozilla),
         Jonathan&nbsp;Mayer (Stanford),
Received on Friday, 7 September 2012 16:05:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:48:55 UTC