- From: CVS User npdoty <cvsmail@w3.org>
- Date: Wed, 30 Jul 2014 00:17:06 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv12827
Modified Files:
tracking-compliance.html
Log Message:
add details -- requirements and examples -- on using particular tracking status values, per action-451 and action-455
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/07/23 17:45:26 1.121
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/07/30 00:17:06 1.122
@@ -271,6 +271,9 @@
<p class="note">
The editor's draft URI points to content that will change. Versions of this document that are published as Working Drafts or later maturity levels will use permanent URIs in this section, pointing to content that does not change.
</p>
+ <p>
+ A party to a given user action that is <a>tracking</a> that action MUST indicate so to the user agent. A party that is tracking a user with that user's consent MUST use the corresponding <code>C</code> or <code>P</code> <a class="externalDFN" href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">tracking status values</a>. A party that is tracking a user for reasons allowable under this recommendation (for example, for one of the permitted uses described below) MUST use the <code>T</code> value. A party to a given user action that is not engaged in tracking SHOULD use the <code>N</code> value (a <code>T</code> value is also conformant but not as informative).
+ </p>
<p>
A party to a given user action that disregards a DNT signal MUST indicate so to the user agent, using the response mechanism defined in the [[TRACKING-DNT]] recommendation. The party MUST provide information in its privacy policy listing the specific reasons for not honoring the user's expressed preference. The party's representation MUST be clear and easily discoverable.
</p>
@@ -283,6 +286,11 @@
<p>
With respect to a given user action, a first party to that action which receives a <code>DNT:1</code> signal MAY collect and use data received from those network interactions. This includes customizing content, services and advertising with respect to those user actions.
</p>
+ <aside class="example">
+ <p>
+ A site that collects and uses data about users only when those users visit the site itself can comply with the a user's expressed DNT preference without changing the site's practices of data collection and use. Such a site can create a static site-wide tracking status resource with a tracking status value of <code>N</code>.
+ </p>
+ </aside>
<p>
A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation. Data about the interaction MAY be shared withh service providers acting on behalf of the first party.
</p>
@@ -313,6 +321,11 @@
<li>data is collected for the set of permitted uses described below;</li>
<li>or, the data is de-identified as defined in this recommendation.</li>
</ol>
+ <aside class="example">
+ <p>
+ An embedded widget provider (a third party to users' interactions with various sites) counts visitors' country of origin and device type but removes identifiers in order to <a title="deidentified">deidentify</a> collected data. For the purposes of this recommendation, the party is not <a>tracking</a> the user and can create a static site-wide tracking status resource with a tracking status value of <code>N</code> to indicate that status.
+ </p>
+ </aside>
<p>
Outside the permitted uses and explicitly-granted exceptions listed below,
a third party to a given user action MUST NOT collect, share, or associate with related
@@ -488,6 +501,11 @@
<p class="note">
The qualifiers in this table correspond directly to the permitted uses described in the previous section. This list, the characters and the names may change depending on the resolution of open issues regarding the permitted uses.
</p>
+ <aside class="example">
+ <p>
+ A site that tracks user activity across several unrelated sites (through a tracking pixel or embedded script, for example) but collects and uses tracking data only as necessary for security and debugging purposes might create a tracking status resource with a tracking status value of <code>T</code> (to indicate tracking) and a qualifiers value of <code>sd</code> (to indicate the particular permitted uses).
+ </p>
+ </aside>
</section>
</section>
</section>
@@ -512,6 +530,11 @@
party MUST indicate this consent to the user agent as described in
the companion [[!TRACKING-DNT]] document.
</p>
+ <aside class="example">
+ <p>
+ A site may provide a settings page to its logged-in users with an explanation of a feature that involves collecting data on that user's activity on other sites in order to provide more relevant content on the home site. To implement the feature and record that consent, the site places a cookie on the user's machine. In subsequent requests where the consent cookie is recognized and a <code>DNT: 1</code> header is present, the site responds with a <code>Tk</code> response header of <code>C</code>, to indicate that consent to the user.
+ </p>
+ </aside>
</section>
<section id="interactions">
<h3>Interaction with Existing User Privacy Controls</h3>
Received on Wednesday, 30 July 2014 00:17:10 UTC