- From: David Singer via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 07 Sep 2012 16:05:26 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv23997
Modified Files:
tracking-dnt.html
Log Message:
added section to complete action-226, and added Rob to acknowledgments
Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.159
retrieving revision 1.160
diff -u -d -r1.159 -r1.160
--- tracking-dnt.html 29 Aug 2012 16:32:50 -0000 1.159
+++ tracking-dnt.html 7 Sep 2012 16:05:24 -0000 1.160
@@ -1761,7 +1761,66 @@
</dl>
</section>
+
+ <section id="transitive-exceptions">
+ <h2>Transfer of an exception to another third party</h2>
+ <p>A site may request an exception for one or more third party services used in
+ conjunction with its own offer. Those third party services may wish to use
+ other third parties to complete the request in a chain of interactions. The
+ first party will not necessarily know in advance whether a known third party
+ will use some other third parties.</p>
+ <p>If a user-agent sends a tracking exception to a given combination of origin
+ server and a named third party, the user agent will send DNT:0 to that named
+ third party. By receiving the DNT:0 header, the named third party acquires
+ the permission to track the user agent and collect the data and process it
+ in any way allowed by the legal system it is operating in.</p>
+
+ <p>Furthermore, the named third party receiving the DNT:0 header acquires at
+ least the right to collect data and process it for the given interaction and
+ any secondary use unless it receives a DNT:1 header from that particular
+ identified user agent.</p>
+
+ <p>The named third party is also allowed to transmit the collected data for
+ uses related to <strong>this</strong> interaction to its own
+ sub-services and sub-sub-services (transitive permission).
+ The tracking permission request triggered
+ by the origin server is thus granted to the named third party and its
+ sub-services. This is even true for sub-services that would normally receive a
+ DNT:1 web-wide preference from the user-agent if the user agent
+ interacted with this service directly.</p>
+
+ <p>For advertisement networks this typically would mean that the collection and
+ auction system chain can use the data for that interaction and combine it
+ with existing profiles and data. The sub-services to the named third party
+ do not acquire an independent right to process the data for independent
+ secondary uses unless they have, themselves, obtain a DNT:0
+ header from the user agent (by their own request or the request of
+ a first-party). In our example of advertisement networks that
+ means the sub-services can use existing profiles in combination with the
+ data received, but they can not store the received information into a
+ profile until they have received a DNT:0 of their own. </p>
+
+ <p>A named third party
+ acquiring an exception with this mechanism MUST make sure that sub-services
+ it uses acknowledge this constraint by requiring the use of the appropriate
+ tracking status <a href="#tracking-status-value">value</a>
+ and <a href="#status-qualifier-value">qualifier</a>, which is "XX"
+ (such as "tl"), from its sub-sub-services.</p>
+
+ <p>The permission acquired by the DNT mechanism does not override retention
+ limitations found in the legal system the content provider or the named
+ third party are operating in.</p>
+
+ <p class="issue">When the status values and qualifiers are fixed, the
+ penultimate paragraph will probably need adjusting to match. The use of "tl"
+ (which meant "tracking but only in accordance with local laws" when this text
+ was written) doesn't seem right, as the text talks, essentially, of
+ the sub-sub-service acting on behalf of the site that received the
+ DNT:0 header, which might suggest something more like "CS"
+ (service provision to a third-party that received consent).</p>
+ </section>
+
<section id="exceptions-ui" class="informative">
<h2>User interface guidelines</h2>
@@ -1892,6 +1951,7 @@
and around the W3C Tracking Protection Working Group, along with
written contributions from
Nick Doty (W3C/MIT),
+ Rob van Eijk (Invited Expert),
Roy T. Fielding (Adobe),
Tom Lowenthal (Mozilla),
Jonathan Mayer (Stanford),
Received on Friday, 7 September 2012 16:05:32 UTC