- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Wed, 06 Aug 2014 18:32:06 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv18788
Modified Files:
tracking-compliance-i203.html
Log Message:
fix mark-up and whitespace; note as unofficial
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-i203.html 2014/08/02 03:47:39 1.1
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-i203.html 2014/08/06 18:32:05 1.2
@@ -6,12 +6,12 @@
<script src='http://www.w3.org/Tools/respec/respec-w3c-common' class='remove' async></script>
<script class="remove">
var respecConfig = {
- specStatus: "ED",
+ specStatus: "unofficial",
shortName: "tracking-compliance",
//previousPublishDate: "2012-04-30",
//previousMaturity: "WD",
//previousURI: "http://www.w3.org/TR/2013/WD-tracking-compliance-20130430/",
- edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203.html",
+ edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203.html",
editors: [
{ name: "Roy T. Fielding", url: "http://roy.gbiv.com/",
company: "Adobe", companyURL: "http://www.adobe.com/" }
@@ -35,6 +35,12 @@
}
}
</script>
+ <style>
+ table.simple {
+ width: 40%;
+ margin: 0 auto;
+ }
+ </style>
</head>
<body>
<section id="abstract">
@@ -97,28 +103,28 @@
behavior of any party that receives data collected via the designated
resource.
</p>
- <p>
- Data collection, retention, use, or sharing that does not amount to
- tracking is outside the scope of this specification. For example,
- collecting data about a particular user's activity within a single
- context is not considered tracking, but retaining, using, or sharing
- data derived from that activity (such as a user profile) outside the
- context in which that activity occurred is considered tracking.
- Likewise, data that has been de-identified is outside the scope of this
- specification.
+ <p>
+ Data collection, retention, use, or sharing that does not amount to
+ tracking is outside the scope of this specification. For example,
+ collecting data about a particular user's activity within a single
+ context is not considered tracking, but retaining, using, or sharing
+ data derived from that activity (such as a user profile) outside the
+ context in which that activity occurred is considered tracking.
+ Likewise, data that has been de-identified is outside the scope of this
+ specification.
</p>
- <p>
- Short-term, transient collection and use of data is also outside
+ <p>
+ Short-term, transient collection and use of data is also outside
the scope of this specification so long as the data is not used to build
a profile about the user. For example, customization of ads based only
on the current context in which the ad is placed, such as the content of
the surrounding page or nature of the site being visited, is not
restricted by a tracking preference.
- </p>
- <p class="issue" data-number="209" title="Description of scope of specification"></p>
- <p class="issue" data-number="134" title="Would we additionally permit logs that are retained for a short enough period?"></p>
- <p class="issue" data-number="204" title="Definitions of collection / retention and transience / network interaction"></p>
- <p class="issue" data-number="227" title="User Agent requirements in UA Compliance vs. Scope section"></p>
+ </p>
+ <p class="issue" data-number="209" title="Description of scope of specification"></p>
+ <p class="issue" data-number="134" title="Would we additionally permit logs that are retained for a short enough period?"></p>
+ <p class="issue" data-number="204" title="Definitions of collection / retention and transience / network interaction"></p>
+ <p class="issue" data-number="227" title="User Agent requirements in UA Compliance vs. Scope section"></p>
</section>
<section id="terminology">
@@ -138,7 +144,7 @@
<dfn><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#dfn-uses">uses</a></dfn>, and
<dfn><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#dfn-shares">shares</a></dfn>.
</p>
-
+
<section id="service-provider">
<h3>Service Provider</h3>
<p>
@@ -169,34 +175,34 @@
with the above limitations.</li>
</ol>
</section>
-
- <section id="de-identified">
- <h3>De-identified</h3>
- <p>
- Data is <dfn>de-identified</dfn> when a party:
- </p>
- <ol>
- <li>has achieved a reasonable level of justified confidence that the
+
+ <section id="de-identified">
+ <h3>De-identified</h3>
+ <p>
+ Data is <dfn>de-identified</dfn> when a party:
+ </p>
+ <ol>
+ <li>has achieved a reasonable level of justified confidence that the
data cannot be used to infer information about, or otherwise be
linked to, a particular consumer, computer, or other device;</li>
- <li>commits to make no attempt to re-identify the data; and</li>
- <li>contractually prohibits downstream recipients from attempting to
+ <li>commits to make no attempt to re-identify the data; and</li>
+ <li>contractually prohibits downstream recipients from attempting to
re-identify the data.</li>
- </ol>
- <p class="issue" data-number="188" title="Definition of de-identified (or previously, unlinkable) data">
- <strong>OPEN</strong> This definition is being actively discussed and
- may soon be replaced by a term with less baggage.
- </p>
- <p class="note">
- Note that geolocation data (of a certain precision or over a period of
+ </ol>
+ <p class="issue" data-number="188" title="Definition of de-identified (or previously, unlinkable) data">
+ <strong>OPEN</strong> This definition is being actively discussed and
+ may soon be replaced by a term with less baggage.
+ </p>
+ <p class="note">
+ Note that geolocation data (of a certain precision or over a period of
time) may itself identify otherwise de-identified data.
- </p>
- <p class="issue" data-number="202" title="Limitations on geolocation by third parties"></p>
- </section>
- </section> <!-- end Terminology -->
+ </p>
+ <p class="issue" data-number="202" title="Limitations on geolocation by third parties"></p>
+ </section>
+ </section> <!-- end Terminology -->
- <section id="compliance">
- <h3>Compliance</h3>
+ <section id="compliance">
+ <h3>Compliance</h3>
<section id="indicating-compliance">
<h3>Indicating Compliance</h3>
@@ -225,329 +231,341 @@
</p>
</section>
- <section id="communicating-tracking-status">
- <h3>Communicating Tracking Status</h3>
- <p>
- When a tracking status representation is used to communicate the
- tracking status for a designated resource, the origin server MUST send
- within the representation's tracking property a TSV that is consistent
- with the current or anticipated tracking that might occur if a similar
- request is sent to that designated resource.
- </p>
- <p>
- When a Tk response header field [[!TRACKING-DNT]] is used to
- communicate a tracking status for the current request, the origin
- server MUST send a TSV that either refers to a request-specific tracking
- status resource or reflects the target resource's current tracking
- behavior for this request.
- </p>
+ <section id="communicating-tracking-status">
+ <h3>Communicating Tracking Status</h3>
+ <p>
+ When a tracking status representation is used to communicate the
+ tracking status for a designated resource, the origin server MUST send
+ within the representation's tracking property a TSV that is consistent
+ with the current or anticipated tracking that might occur if a similar
+ request is sent to that designated resource.
+ </p>
+ <p>
+ When a Tk response header field [[!TRACKING-DNT]] is used to
+ communicate a tracking status for the current request, the origin
+ server MUST send a TSV that either refers to a request-specific tracking
+ status resource or reflects the target resource's current tracking
+ behavior for this request.
+ </p>
</section>
- <section id="adhering-to-tracking-status">
- <h3>Adhering to Tracking Status</h3>
- <p>
- An origin server that sends a TSV of
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-N">N</a></code> (not tracking)
- MUST NOT engage tracking if a similar request is made to the designated
- resource while that tracking status remains fresh. In other words, the
- party MUST NOT knowingly collect, retain, use, or share data from a
- <a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#dfn-network-interaction">network interaction</a>
- with the designated resource that would allow that party to associate
- the same user with tracking data it has previously obtained from user
- activity in other contexts, MUST NOT retain, use, or share data derived
- from this user activity outside the context in which this activity
- occurred, and MUST NOT tailor or personalize the response from the
- designated resource based on data derived from this user's activity in
- other contexts (aside from contextual data provided by the user in the
- current request).
- </p>
- <p>
- An origin server that sends a TSV of
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-T">T</a></code> (tracking)
- MAY engage tracking if a similar request is made to the designated
- resource. Further limitations on that tracking depend on the received
- tracking preference expression, if any:
- <dl>
- <dt><code>DNT:0</code></dt>
- <dd>
- The user is expressing a preference for a personalized experience
- and this signal indicates explicit consent for data collection,
- retention, use, and sharing by the recipient of this signal to
- provide a personalized experience for the user.
- This specification does not limit tracking in the presence of
- <code>DNT:0</code>. Note, however, a party might be limited by its
- own statements to the user, if any, regarding the <code>DNT:0</code>
- setting.</dd>
- <dt><code>DNT:1</code></dt>
- <dd>The party MUST limit its tracking to the permitted uses
- defined in <a href="#limited-tracking-permitted" class="sectionRef"></a>.
- The party MAY provide additional information in the
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#rep.qualifiers">qualifiers</a></code>
- property of a tracking status representation to indicate what
- permitted uses of tracking are engaged while under <code>DNT:1</code>,
- as described in <a href="#sending-qualifiers" class="sectionRef"></a>.
- The party MUST NOT share data about this network interaction with
- any party other than the controller(s) of the context in which this
- activity occurred, <a title="service provider">service providers</a>
- to said controller(s), or service providers to the party.
- <dt><em>not enabled</em></dt>
- <dd>In the absence of regulatory, legal, or other requirements, a party
- MAY interpret the lack of an expressed tracking preference as they
- find most appropriate for the given user, particularly when
- considered in light of the user's privacy expectations and cultural
- circumstances. Likewise, origin servers might make use of other
- preference information outside the scope of this specification, such
- as site-specific user preferences or third-party registration
- services, to inform or adjust their behavior when no explicit
- preference is expressed in a request.<dd>
- </dl>
- </p>
- <p>
- An origin server that sends a TSV of
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-C">C</a></code> (consent)
- MUST have received prior consent for tracking this user, user agent, or
- device, perhaps via some mechanism not defined by this specification,
- that overrides a tracking preference expressed by this protocol.
- </p>
- <aside class="example">
+ <section id="adhering-to-tracking-status">
+ <h3>Adhering to Tracking Status</h3>
<p>
- A site might provide a settings page to its logged-in users with an
- explanation of a feature that involves collecting data on that user's
- activity on other sites in order to provide more relevant content on
- the home site. To implement the feature and record that consent, the
- site places a cookie on the user's machine. In subsequent requests
- where the consent cookie is recognized and a <code>DNT: 1</code>
- header is present, the site responds with a TSV of <code>C</code> to
- indicate that consent.
+ An origin server that sends a TSV of
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-N">N</a></code> (not tracking)
+ MUST NOT engage tracking if a similar request is made to the designated
+ resource while that tracking status remains fresh. In other words, the
+ party MUST NOT knowingly collect, retain, use, or share data from a
+ <a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#dfn-network-interaction">network interaction</a>
+ with the designated resource that would allow that party to associate
+ the same user with tracking data it has previously obtained from user
+ activity in other contexts, MUST NOT retain, use, or share data derived
+ from this user activity outside the context in which this activity
+ occurred, and MUST NOT tailor or personalize the response from the
+ designated resource based on data derived from this user's activity in
+ other contexts (aside from contextual data provided by the user in the
+ current request).
</p>
- </aside>
- <p>
- An origin server that sends a TSV of <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-P">P</a></code> (potential consent)
- MAY engage tracking for requests made to the designated resource, but
- MUST NOT use or share any data to which DNT:1 applies until it can be
- determined that it has received prior consent to do so. If not, the
- origin server MUST delete or de-identify the collected data within
- forty-eight hours.
- </p>
- <p>
- An origin server MAY send a tracking status value of
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-?">?</a></code> (dynamic),
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-D">D</a></code> (disregarding), or
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-U">U</a></code> (updated)
- when such a response is consistent with its associated requirements in
- [[!TRACKING-DNT]].
- </p>
- <p class="issue" data-number="170" title="Definition of and what/whether limitations around data append and first parties"></p>
- <p class="issue" data-number="210" title="Interaction with existing privacy controls"></p>
- <p class="issue" data-number="207" title="Conditions for dis-regarding (or not) DNT signals"></p>
- </section>
+ <p>
+ An origin server that sends a TSV of
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-T">T</a></code> (tracking)
+ MAY engage tracking if a similar request is made to the designated
+ resource. Further limitations on that tracking depend on the received
+ tracking preference expression, if any:
+ <dl>
+ <dt><code>DNT:0</code></dt>
+ <dd>
+ The user is expressing a preference for a personalized experience
+ and this signal indicates explicit consent for data collection,
+ retention, use, and sharing by the recipient of this signal to
+ provide a personalized experience for the user.
+ This specification does not limit tracking in the presence of
+ <code>DNT:0</code>. Note, however, a party might be limited by its
+ own statements to the user, if any, regarding the <code>DNT:0</code>
+ setting.</dd>
+ <dt><code>DNT:1</code></dt>
+ <dd>The party MUST limit its tracking to the permitted uses
+ defined in <a href="#limited-tracking-permitted" class="sectionRef"></a>.
+ The party MAY provide additional information in the
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#rep.qualifiers">qualifiers</a></code>
+ property of a tracking status representation to indicate what
+ permitted uses of tracking are engaged while under <code>DNT:1</code>,
+ as described in <a href="#sending-qualifiers" class="sectionRef"></a>.
+ The party MUST NOT share data about this network interaction with
+ any party other than the controller(s) of the context in which this
+ activity occurred, <a title="service provider">service providers</a>
+ to said controller(s), or service providers to the party.
+ <dt><em>not enabled</em></dt>
+ <dd>In the absence of regulatory, legal, or other requirements, a party
+ MAY interpret the lack of an expressed tracking preference as they
+ find most appropriate for the given user, particularly when
+ considered in light of the user's privacy expectations and cultural
+ circumstances. Likewise, origin servers might make use of other
+ preference information outside the scope of this specification,
+ such as site-specific user preferences or third-party registration
+ services, to inform or adjust their behavior when no explicit
+ preference is expressed in a request.<dd>
+ </dl>
+ </p>
+ <p>
+ An origin server that sends a TSV of
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-C">C</a></code> (consent)
+ MUST have received prior consent for tracking this user, user agent, or
+ device, perhaps via some mechanism not defined by this specification,
+ that overrides a tracking preference expressed by this protocol.
+ </p>
+ <aside class="example">
+ <p>
+ A site might provide a settings page to its logged-in users with an
+ explanation of a feature that involves collecting data on that user's
+ activity on other sites in order to provide more relevant content on
+ the home site. To implement the feature and record that consent, the
+ site places a cookie on the user's machine. In subsequent requests
+ where the consent cookie is recognized and a <code>DNT: 1</code>
+ header is present, the site responds with a TSV of <code>C</code> to
+ indicate that consent.
+ </p>
+ </aside>
+ <p>
+ An origin server that sends a TSV of <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-P">P</a></code> (potential consent)
+ MAY engage tracking for requests made to the designated resource, but
+ MUST NOT use or share any data to which DNT:1 applies until it can be
+ determined that it has received prior consent to do so. If not, the
+ origin server MUST delete or de-identify the collected data within
+ forty-eight hours.
+ </p>
+ <p>
+ An origin server MAY send a tracking status value of
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-?">?</a></code> (dynamic),
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-D">D</a></code> (disregarding), or
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-U">U</a></code> (updated)
+ when such a response is consistent with its associated requirements in
+ [[!TRACKING-DNT]].
+ </p>
+ <p class="issue" data-number="170" title="Definition of and what/whether limitations around data append and first parties"></p>
+ <p class="issue" data-number="210" title="Interaction with existing privacy controls"></p>
+ <p class="issue" data-number="207" title="Conditions for dis-regarding (or not) DNT signals"></p>
+ </section>
- <section id="limited-tracking-permitted">
- <h3>Limited Tracking Permitted under DNT:1</h3>
+ <section id="limited-tracking-permitted">
+ <h3>Limited Tracking Permitted under DNT:1</h3>
- <p>
- When an origin server sends a TSV of
- <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-T">T</a></code> (tracking)
- for a designated resource and a request is received targeting that
- resource with a tracking preference expression of <code>DNT:1</code>,
- some limited tracking is still permitted if it conforms to the
- requirements of this section.
- </p>
+ <p>
+ When an origin server sends a TSV of
+ <code><a class="externalDFN" href="http://www.w3.org/TR/tracking-dnt/#TSV-T">T</a></code> (tracking)
+ for a designated resource and a request is received targeting that
+ resource with a tracking preference expression of <code>DNT:1</code>,
+ some limited tracking is still permitted if it conforms to the
+ requirements of this section.
+ </p>
- <section id="general-permitted-use-requirements">
- <h4>General Requirements for Permitted Uses</h4>
+ <section id="general-permitted-use-requirements">
[386 lines skipped]
Received on Wednesday, 6 August 2014 18:32:07 UTC