- From: CVS User npdoty <cvsmail@w3.org>
- Date: Mon, 10 Jun 2013 19:54:46 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv17026
Modified Files:
tracking-compliance-june.html
Log Message:
make plain HTML, correct copyright notice, remove empty editors dl
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-june.html 2013/06/10 04:48:34 1.1
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-june.html 2013/06/10 19:54:46 1.2
@@ -1,72 +1,236 @@
<!DOCTYPE html>
-<html lang="en" dir="ltr">
-<head>
+<html dir="ltr" lang="en"><head>
<title>Tracking Compliance and Scope - June Draft</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
- <script src='http://www.w3.org/Tools/respec/respec-w3c-common' class='remove' async></script>
- <script class="remove">
- var respecConfig = {
- specStatus: "unofficial",
- shortName: "tracking-compliance",
- editors: [],
- wg: "Tracking Protection Working Group",
- wgURI: "http://www.w3.org/2011/tracking-protection/",
- wgPublicList: "public-tracking",
- wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
- issueBase: "http://www.w3.org/2011/tracking-protection/track/issues/",
- }
- </script>
- <link rel="stylesheet" href="additional.css" type="text/css" media="screen"
- title="custom formatting for TPWG editors">
-</head>
-<body>
- <section id="abstract">
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <style>/* --- ISSUES/NOTES --- */
+div.issue-title, div.note-title {
+ padding-right: 1em;
+ min-width: 7.5em;
+ color: #b9ab2d;
+}
+div.issue-title { color: #e05252; }
+div.note-title { color: #2b2; }
+div.issue-title span, div.note-title span {
+ text-transform: uppercase;
+}
+div.note, div.issue {
+ margin-top: 1em;
+ margin-bottom: 1em;
+}
+.note > p:first-child, .issue > p:first-child { margin-top: 0 }
+.issue, .note {
+ padding: .5em;
+ border-left-width: .5em;
+ border-left-style: solid;
+}
+div.issue, div.note {
+ padding: 1em 1.2em 0.5em;
+ margin: 1em 0;
+ position: relative;
+ clear: both;
+}
+span.note, span.issue { padding: .1em .5em .15em; }
+
+.issue {
+ border-color: #e05252;
+ background: #fbe9e9;
+}
+.note {
+ border-color: #52e052;
+ background: #e9fbe9;
+}
+</style>
+<style>/*****************************************************************
+ * ReSpec 3 CSS
+ * Robin Berjon - http://berjon.com/
+ *****************************************************************/
+
+/* --- INLINES --- */
+em.rfc2119 {
+ text-transform: lowercase;
+ font-variant: small-caps;
+ font-style: normal;
+ color: #900;
+}
+
+h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
+h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
+ border: none;
+}
+
+dfn {
+ font-weight: bold;
+}
+
+a.internalDFN {
+ color: inherit;
+ border-bottom: 1px solid #99c;
+ text-decoration: none;
+}
+
+a.externalDFN {
+ color: inherit;
+ border-bottom: 1px dotted #ccc;
+ text-decoration: none;
+}
+
+a.bibref {
+ text-decoration: none;
+}
+
+cite .bibref {
+ font-style: normal;
+}
+
+code {
+ color: #ff4500;
+}
+
+/* --- TOC --- */
+.toc a, .tof a {
+ text-decoration: none;
+}
+
+a .secno, a .figno {
+ color: #000;
+}
+
+ul.tof, ol.tof {
+ list-style: none outside none;
+}
+
+.caption {
+ margin-top: 0.5em;
+ font-style: italic;
+}
+
+/* --- TABLE --- */
+table.simple {
+ border-spacing: 0;
+ border-collapse: collapse;
+ border-bottom: 3px solid #005a9c;
+}
+
+.simple th {
+ background: #005a9c;
+ color: #fff;
+ padding: 3px 5px;
+ text-align: left;
+}
+
+.simple th[scope="row"] {
+ background: inherit;
+ color: inherit;
+ border-top: 1px solid #ddd;
+}
+
+.simple td {
+ padding: 3px 10px;
+ border-top: 1px solid #ddd;
+}
+
+.simple tr:nth-child(even) {
+ background: #f0f6ff;
+}
+
+/* --- DL --- */
+.section dd > p:first-child {
+ margin-top: 0;
+}
+
+.section dd > p:last-child {
+ margin-bottom: 0;
+}
+
+.section dd {
+ margin-bottom: 1em;
+}
+
+.section dl.attrs dd, .section dl.eldef dd {
+ margin-bottom: 0;
+}
+</style><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial.css" rel="stylesheet"></head>
+<body class="h-entry"><div class="head">
+ <p>
+
+ </p>
+ <h1 class="title p-name" id="title">Tracking Compliance and Scope - June Draft</h1>
+
+ <h2 id="unofficial-draft-09-june-2013">Unofficial Draft <time class="dt-published" datetime="2013-06-09">09 June 2013</time></h2>
+ <p class="copyright">
+ <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> ©
+ 2013
+
+ <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup>
+ (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>,
+ <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>,
+ <a href="http://www.keio.ac.jp/">Keio</a>, <a href="http://ev.buaa.edu.cn/">Beihang</a>), All Rights Reserved.
+ <abbr title="World Wide Web Consortium">W3C</abbr> <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
+ <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and
+ <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.
+ </p>
+ <hr>
+</div>
+ <section class="introductory" id="abstract"><h2>Abstract</h2>
<p>
This specification defines the meaning of a Do Not Track (DNT)
preference and sets out practices for websites to comply with this
preference.
</p>
- </section>
+ </section><section id="sotd" class="introductory"><h2>Status of This Document</h2>
+
+ <p>
+ This document is merely a public working draft of a potential specification. It has
+ no official standing of any kind and does not represent the support or consensus of any
+ standards organisation.
+ </p>
+
+
+</section><section id="toc"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a class="tocxref" href="#scope-and-goals"><span class="secno">1. </span>Scope</a></li><li class="tocline"><a class="tocxref" href="#definitions"><span class="secno">2. </span>Definitions</a></li><li class="tocline"><a class="tocxref" href="#user-agent-compliance"><span class="secno">3. </span>User Agent Compliance</a></li><li class="tocline"><a class="tocxref" href="#first-party-compliance"><span class="secno">4. </span>First Party Compliance</a></li><li class="tocline"><a class="tocxref" href="#third-party-compliance"><span class="secno">5. </span>Third Party Compliance</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#permitted-use-requirements"><span class="secno">5.1 </span>General Principles for Permitted Uses</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#no-secondary-uses"><span class="secno">5.1.1 </span>No Secondary Uses</a></li><li class="tocline"><a clas="tocxref" href="#data-minimization-and-transparency"><span class="secno">5.1.2 </span>Data Minimization, Retention and Transparency</a></li><li class="tocline"><a class="tocxref" href="#no-personalization"><span class="secno">5.1.3 </span>No Personalization</a></li><li class="tocline"><a class="tocxref" href="#reasonable-security"><span class="secno">5.1.4 </span>Reasonable Security</a></li></ul></li><li class="tocline"><a class="tocxref" href="#permitted-uses"><span class="secno">5.2 </span>Permitted Uses</a></li><li class="tocline"><a class="tocxref" href="#geolocation"><span class="secno">5.3 </span>Third Party Geolocation Compliance</a></li></ul></li><li class="tocline"><a class="tocxref" href="#user-granted-exceptions"><span class="secno">6. </span>User-Granted Exceptions</a></li><li class="tocline"><a class="tocxref" href="#interactions"><span class="secno">7. </span>Interaction with Existing User Privacy Controls</a></li><li class="tocline"><a class="tocxref" href="#unknowing-collection"><span clas="secno">8. </span>Unknowing Collection</a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><span class="secno">A. </span>Acknowledgements</a></li><li class="tocline"><a class="tocxref" href="#references"><span class="secno">B. </span>References</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#normative-references"><span class="secno">B.1 </span>Normative references</a></li></ul></li></ul></section>
<section id="scope-and-goals">
- <h2>Scope</h2>
+ <!--OddPage--><h2><span class="secno">1. </span>Scope</h2>
- <p>Do Not Track is designed to provide users with a simple preference expression mechanism to allow or limit online tracking globally or selectively.</p>
- <p>The specification applies to compliance with requests through user agents that (1) can access the general browsable Web; (2) have a user interface that satisfies the requirements in <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">Determining User Preference</a> in the [[!TRACKING-DNT]] specification; (3) and can implement all of the [[!TRACKING-DNT]] specification, including the mechanisms for communicating a tracking status, and the user-granted exception mechanism.</p>
+ <p>Do Not Track is designed to provide users with a simple
+preference expression mechanism to allow or limit online tracking
+globally or selectively.</p>
+ <p>The specification applies to compliance with requests through user
+agents that (1) can access the general browsable Web; (2) have a user
+interface that satisfies the requirements in <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">Determining User Preference</a> in the [<cite><a href="#bib-TRACKING-DNT" class="bibref">TRACKING-DNT</a></cite>] specification; (3) and can implement all of the [<cite><a href="#bib-TRACKING-DNT" class="bibref">TRACKING-DNT</a></cite>] specification, including the mechanisms for communicating a tracking status, and the user-granted exception mechanism.</p>
</section>
<section id="definitions">
- <h2>Definitions</h2>
+ <!--OddPage--><h2><span class="secno">2. </span>Definitions</h2>
<p id="def-user">
- A <dfn>user</dfn> is an individual human. When user agent software
+ A <dfn id="dfn-user">user</dfn> is an individual human. When user agent software
accesses online resources, whether or not the user understands or has
specific knowledge of a particular request, that request is "made by
the user."
</p>
<p id="def-user-agent">
- The term <dfn>user agent</dfn> refers to any of the
+ The term <dfn id="dfn-user-agent">user agent</dfn> refers to any of the
various client programs capable of initiating HTTP requests,
including but not limited to browsers, spiders (web-based robots),
- command-line tools, native applications, and mobile apps [[!HTTP11]].
+ command-line tools, native applications, and mobile apps [<cite><a href="#bib-HTTP11" class="bibref">HTTP11</a></cite>].
</p>
<p id="def-network-transaction">
- A <dfn>network interaction</dfn> is the set of HTTP requests and
+ A <dfn id="dfn-network-interaction">network interaction</dfn> is the set of HTTP requests and
responses, or any other sequence of logically related network traffic
caused by a user visit to a single web page or similar single action.
Page re-loads, navigation, and refreshing of content cause a new
network interaction to commence.
</p>
<p id="def-party">
- A <dfn>party</dfn> is any commercial, nonprofit, or governmental
+ A <dfn id="dfn-party">party</dfn> is any commercial, nonprofit, or governmental
organization, a subsidiary or unit of such an organization, or a
person. For unique corporate entities to qualify as a common party
- with respect to this document, those entities MUST be commonly owned
- and commonly controlled and MUST provide easy discoverability of
- affiliate organizations. A list of affiliates MUST be available
+ with respect to this document, those entities <em title="MUST" class="rfc2119">MUST</em> be commonly owned
+ and commonly controlled and <em title="MUST" class="rfc2119">MUST</em> provide easy discoverability of
+ affiliate organizations. A list of affiliates <em title="MUST" class="rfc2119">MUST</em> be available
through a single user interaction from each page, for example, by
following a single link, or through a single click.
</p>
<p id="def-service-providers">
- An outsourced <dfn>service provider</dfn> is considered to be the
+ An outsourced <dfn id="dfn-service-provider">service provider</dfn> is considered to be the
same party as its client if the service provider:
</p>
<ol>
@@ -80,7 +244,7 @@
requirements.</li>
</ol>
<p id="first-party">
- In the context of a specific network interaction, the <dfn>first
+ In the context of a specific network interaction, the <dfn id="dfn-first-party">first
party</dfn> is the party with which the user intentionally interacts.
In most cases on a traditional web browser, the first party will be
the party that owns and operates the domain visible in the address
@@ -108,7 +272,7 @@
make that party a first party in any particular network interaction.
</p>
<p id="third-party">
- A <dfn>third party</dfn> is any party other than a first party,
+ A <dfn id="dfn-third-party">third party</dfn> is any party other than a first party,
service provider, or the user.
</p>
<p>
@@ -116,7 +280,7 @@
limited to a specific network interaction.
</p>
<p id="def-unlinkable">
- Data is <dfn>deidentified</dfn> when a party:
+ Data is <dfn id="dfn-deidentified">deidentified</dfn> when a party:
</p>
<ol>
<li>
@@ -133,109 +297,118 @@
</li>
</ol>
<p id="def-tracking">
- <dfn>Tracking</dfn> is the retention or use, after a network
+ <dfn id="dfn-tracking">Tracking</dfn> is the retention or use, after a network
interaction is complete, of data records that are, or can be,
associated with a specific user, user agent, or device.
</p>
<p id="def-collection">
- A party <dfn>collects</dfn> data if it receives the data and shares
+ A party <dfn id="dfn-collects">collects</dfn> data if it receives the data and shares
the data with other parties or stores the data for more than a
transient period.
</p>
<p>
- A party <dfn>retains</dfn> data if data remains within a party's
+ A party <dfn id="dfn-retains">retains</dfn> data if data remains within a party's
control beyond the scope of the current network interaction.
</p>
<p>
- A party <dfn>uses</dfn> data if the party processes the data for any
+ A party <dfn id="dfn-uses">uses</dfn> data if the party processes the data for any
purpose other than storage or merely forwarding it to another party.
</p>
<p>
- A party <dfn>shares</dfn> data if the party enables another party to
+ A party <dfn id="dfn-shares">shares</dfn> data if the party enables another party to
receive or access that data.
</p>
</section> <!-- end definitions -->
<section id="user-agent-compliance">
- <h3>User Agent Compliance</h3>
+ <!--OddPage--><h2><span class="secno">3. </span>User Agent Compliance</h2>
<p>
- A user agent MUST offer users a minimum of two alternative choices for a Do Not Track preference: unset or DNT: 1. A user agent MAY offer a third alternative choice: DNT: 0.
+ A user agent <em title="MUST" class="rfc2119">MUST</em> offer users a minimum of two alternative choices for a Do Not Track preference: unset or DNT: 1. A user agent <em title="MAY" class="rfc2119">MAY</em> offer a third alternative choice: DNT: 0.
</p>
<p>
- If the user's choice is DNT:1 or DNT:0, the tracking preference is <dfn>enabled</dfn>; otherwise, the tracking preference is <dfn>not enabled</dfn>.
+ If the user's choice is DNT:1 or DNT:0, the tracking preference is <dfn id="dfn-enabled">enabled</dfn>; otherwise, the tracking preference is <dfn id="dfn-not-enabled">not enabled</dfn>.
</p>
<p>
- A user agent MUST have a default tracking preference of unset (not enabled).
+ A user agent <em title="MUST" class="rfc2119">MUST</em> have a default tracking preference of unset (not enabled).
</p>
<p>
- User agents and web sites are responsible for determining the user experience by which a tracking preference is controlled. User agents and web sites MUST ensure that tracking preference choices are communicated to users clearly and accurately and shown at the time and place the tracking preference choice is made available to a user. User agents and web sites MUST ensure that the tracking preference choices describe the parties to whom DNT applies and MUST make available brief and neutral explanatory text to provide more detailed information about DNT functionality.
+ User agents and web sites are responsible for determining the user
+experience by which a tracking preference is controlled. User agents and
+ web sites <em title="MUST" class="rfc2119">MUST</em> ensure that
+tracking preference choices are communicated to users clearly and
+accurately and shown at the time and place the tracking preference
+choice is made available to a user. User agents and web sites <em title="MUST" class="rfc2119">MUST</em> ensure that the tracking preference choices describe the parties to whom DNT applies and <em title="MUST" class="rfc2119">MUST</em> make available brief and neutral explanatory text to provide more detailed information about DNT functionality.
</p>
<p>
- That text MUST indicate that:
+ That text <em title="MUST" class="rfc2119">MUST</em> indicate that:
</p>
<ol>
<li>
- if the tracking preference is communicated, it limits collection and use of web viewing data for certain advertising and other purposes;
+ if the tracking preference is communicated, it limits collection
+and use of web viewing data for certain advertising and other purposes;
</li>
<li>
- when DNT is enabled, some data may still be collected and used for certain purposes, and a description of such purposes; and
+ when DNT is enabled, some data may still be collected and used for
+certain purposes, and a description of such purposes; and
</li>
<li>
- if a user affirmatively allows a particular party to collect and use information about web viewing activities, enabling DNT will not limit collection and use from that party.
+ if a user affirmatively allows a particular party to collect and
+use information about web viewing activities, enabling DNT will not
+limit collection and use from that party.
</li>
</ol>
<p>
- User agents and web sites MUST obtain an explicit choice made by a user when setting controls that affect the tracking preference expression.
+ User agents and web sites <em title="MUST" class="rfc2119">MUST</em> obtain an explicit choice made by a user when setting controls that affect the tracking preference expression.
</p>
<p>
- A user agent MUST transmit the tracking preference according to the [[!TRACKING-DNT]] specification.
+ A user agent <em title="MUST" class="rfc2119">MUST</em> transmit the tracking preference according to the [<cite><a href="#bib-TRACKING-DNT" class="bibref">TRACKING-DNT</a></cite>] specification.
</p>
<p>
- Implementations of HTTP that are not under control of the user MUST NOT generate or modify a tracking preference.
+ Implementations of HTTP that are not under control of the user <em title="MUST NOT" class="rfc2119">MUST NOT</em> generate or modify a tracking preference.
</p>
</section>
<section id="first-party-compliance">
- <h3>First Party Compliance</h3>
+ <!--OddPage--><h2><span class="secno">4. </span>First Party Compliance</h2>
<p>
- If a first party receives a DNT:1 signal the first party MAY engage in its normal collection and
+ If a first party receives a DNT:1 signal the first party <em title="MAY" class="rfc2119">MAY</em> engage in its normal collection and
use of information. This includes the ability to customize the content,
services, and advertising in the context of the first party experience.
[254 lines skipped]
Received on Monday, 10 June 2013 19:54:47 UTC