- From: CVS User npdoty <cvsmail@w3.org>
- Date: Wed, 16 Dec 2015 07:08:02 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/var/tmp/cvs-serv29242
Modified Files:
tracking-compliance.html
Log Message:
editorial changes via comments from timeless; wrapped to 80 columns
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2015/06/16 21:23:40 1.153
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2015/12/16 07:08:02 1.154
@@ -1,13 +1,14 @@
<!DOCTYPE html>
+
<html lang="en" dir="ltr">
<head>
<title>Tracking Compliance and Scope</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script src="http://www.w3.org/Tools/respec/respec-w3c-common" class="remove"
async="">
- </script>
+</script>
<script class="remove">
- var respecConfig = {
+var respecConfig = {
specStatus: "ED",
shortName: "tracking-compliance",
previousMaturity: "WD",
@@ -49,7 +50,7 @@
}
</script>
<style>
- table.simple {
+table.simple {
width: 40%;
margin: 0 auto;
}
@@ -65,11 +66,11 @@
<section id="sotd">
<p><strong>This editor's draft does not constitute consensus and may
- change.</strong> The <a
- href="http://www.w3.org/2011/tracking-protection/">Tracking Protection
- Working Group</a> is reviewing this document prior to issuing a <a
- href="http://www.w3.org/2005/10/Process-20051014/tr.html#last-call">Last
- Call announcement</a>. Reviewers are advised to consult the <a href=
+ change.</strong> The <a href=
+ "http://www.w3.org/2011/tracking-protection/">Tracking Protection Working
+ Group</a> is reviewing this document prior to issuing a <a href=
+ "http://www.w3.org/2005/10/Process-20051014/tr.html#last-call">Last Call
+ announcement</a>. Reviewers are advised to consult the <a href=
"https://www.w3.org/2011/tracking-protection/track/products/5">list of
issues tracked in the Compliance Current product</a> and the <a href=
"http://www.w3.org/wiki/Privacy/TPWG#Change_proposals">wiki list of change
@@ -88,7 +89,7 @@
express a preference to allow or limit online <a>tracking</a>. Complying
with the user's preference as described in this document includes limits on
the collection, retention and use of data collected as a <a>third party</a>
- to <a title="user action">user actions</a> and the sharing of data not
+ to <a title="user action">user actions</a> and the sharing of data not
<a>permanently de-identified</a>.</p>
<p>This specification is intended for compliance with expressed user
@@ -96,18 +97,18 @@
the general browsable Web; (2) have a user interface that satisfies the
requirements in <a href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">
- Determining User Preference</a> in the [[!TPE]] specification; and, (3)
- can implement all of the [[!TPE]] specification, including the
- mechanisms for communicating a tracking status, and the user-granted
- exception mechanism.</p>
-
+ Determining User Preference</a> in the [[!TPE]] specification; and, (3) can
+ implement all of the [[!TPE]] specification, including the mechanisms for
+ communicating a tracking status, and the user-granted exception
+ mechanism.</p>
+
<p>It is outside the scope of this specification to control short-term,
transient collection and use of data, so long as the data is not shared
with a third party and is not used to build a profile about a user or
- otherwise alter an individual user’s experience outside the current
- network interaction. For example, the contextual customization of ads shown
- as part of the same network interaction is not restricted by a
- <code>DNT:1</code> signal.</p>
+ otherwise alter an individual user’s experience outside the current network
+ interaction. For example, the contextual customization of ads shown as part
+ of the same network interaction is not restricted by a <code>DNT:1</code>
+ signal.</p>
</section>
<section id="definitions">
@@ -116,7 +117,8 @@
<section id="user">
<h3>User</h3>
- <p>A <dfn>user</dfn> is a natural person who is making, or has made, use of the Web.</p>
+ <p>A <dfn>user</dfn> is a natural person who is making, or has made, use
+ of the Web.</p>
</section>
<section id="user-agent">
@@ -206,10 +208,9 @@
prominent co-branding on the resource might lead a user to expect that
multiple parties are responsible for the content or functionality.</p>
- <p>Network interactions related to a given user action
- may not constitute intentional interaction when, for example, the user is
- unaware or only transiently informed of redirection or framed
- content.</p>
+ <p>Network interactions related to a given user action may not constitute
+ intentional interaction when, for example, the user is unaware or only
+ transiently informed of redirection or framed content.</p>
</section>
<section id="third-party">
@@ -246,18 +247,18 @@
user;</li>
<li>link two or more records (either from the same database or
- different databases), concerning the same device or user;</li>
+ different databases), concerning the same device or user; or</li>
<li>deduce, with significant probability, information about a device
or user.</li>
</ul>
- <p>Regardless of the de-identification approach, unique keys can be used
- to correlate records within the de-identified dataset, provided the keys
- do not exist and cannot be derived outside the de-identified dataset and
- have no meaning outside the de-identified dataset (i.e. no mapping table
- can exist that links the original identifiers to the keys in the
- de-identified dataset).</p>
+ <p>Regardless of the de-identification approach, unique keys can be
+ used to correlate records within the de-identified dataset, provided
+ the keys do not exist and cannot be derived outside the de-identified
+ dataset and have no meaning outside the de-identified dataset (i.e. no
+ mapping table can exist that links the original identifiers to the keys
+ in the de-identified dataset).</p>
<p>In the case of records in such data that relate to a single user or
a small number of users, usage and/or distribution restrictions are
@@ -273,12 +274,14 @@
<li>technical safeguards that prohibit re-identification of
de-identified data;</li>
- <li>business processes that specifically prohibit re-identification of
- de-identified data;</li>
+ <li>business processes that specifically prohibit re-identification
+ of de-identified data;</li>
- <li>business processes that prevent inadvertent release of de-identified data;</li>
+ <li>business processes that prevent inadvertent release of
+ de-identified data;</li>
- <li>administrative controls that limit access to de-identified data.</li>
+ <li>administrative controls that limit access to de-identified
+ data.</li>
</ul>
<p>Geolocation data (of a certain precision or over a period of time)
@@ -314,36 +317,39 @@
<section id="server-compliance">
<h3>Server Compliance</h3>
-
+
<section id="indicating-compliance">
<h3>Indicating Compliance and Non-Compliance</h3>
<p>In order to indicate a party's compliance with a user's expressed
tracking preference as described in this specification for a given
resource, an origin server:</p>
-
+
<ol start="1">
<li>MUST conform to the origin server requirements of [[!TPE]];</li>
+
<li>MUST send a tracking status value other than <code>!</code> (under
- construction) or <code>D</code> (disregarding) for that resource; and
- </li>
+ construction) or <code>D</code> (disregarding) for that resource;
+ and</li>
+
<li>MUST send, in a tracking status representation applicable to that
resource, a compliance property that contains a reference to the
following URI:
- <blockquote>
- <code>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html</code>
- </blockquote>
+
+ <blockquote>
+ <code>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html</code>
+ </blockquote>
</li>
</ol>
-
+
<p class="note">The editor's draft URI points to content that will
change. Versions of this document that are published as Working Drafts or
later maturity levels will use permanent URIs in this section, pointing
to content that does not change.</p>
<p>When a user sends a <code>DNT:0</code> signal, the user is expressing
- a preference to allow tracking. This specification places no
- restrictions on collection or use of data from network interactions with
+ a preference to allow tracking. This specification places no restrictions
+ on collection or use of data from network interactions with
<code>DNT:0</code> signals. Note, however, that a party might be limited
by its own statements to the user regarding the <code>DNT:0</code>
setting. For more information, see Section <a href=
@@ -357,22 +363,21 @@
href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">
tracking status values</a>. A party that is tracking a user for reasons
- allowable under this specification (for example, for one of the
- permitted uses described below) MUST use the <code>T</code> value. A
- party to a given user action that is not engaged in tracking SHOULD use
- the <code>N</code> value (a <code>T</code> value is also conformant but
- not as informative).</p>
+ allowable under this specification (for example, for one of the permitted
+ uses described below) MUST use the <code>T</code> value. A party to a
+ given user action that is not engaged in tracking SHOULD use the
+ <code>N</code> value (a <code>T</code> value is also conformant but not
+ as informative).</p>
<p>A party to a given user action that disregards a <code>DNT:1</code>
signal MUST indicate that non-compliance to the user agent, using the
- response mechanism defined in the [[!TPE]] specification. The
- party MUST provide information in its privacy policy listing the specific
- reasons for not honoring the user's expressed preference. The party's
+ response mechanism defined in the [[!TPE]] specification. The party MUST
+ provide information in its privacy policy listing the specific reasons
+ for not honoring the user's expressed preference. The party's
representation MUST be clear and easily discoverable.</p>
<p>In the interest of transparency, especially where multiple reasons are
- listed, a server might use the [[!TPE]] <a class="externalDFN"
- href=
+ listed, a server might use the [[!TPE]] <a class="externalDFN" href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.qualifiers">
qualifiers</a> or <a class="externalDFN" href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.config">
@@ -423,29 +428,31 @@
<p>When a third party to a given user action receives a
<code>DNT:1</code> signal in a related network interaction, that party
MAY collect and use data about those network interactions when:</p>
-
+
<ol start="1">
- <li>a user has explicitly granted consent, as described
- below (Section <a href=
- "#user-granted-exceptions"></a>);</li>
-
- <li>data is collected for the set of permitted uses described
- below (Section <a href=
- "#permitted-uses"></a>);</li>
+ <li>a user has explicitly granted consent, as described below (Section
+ <a href="#user-granted-exceptions"></a>);
+ </li>
+
+ <li>the data is collected for the set of permitted uses described below
+ (Section <a href="#permitted-uses"></a>); or
+ </li>
- <li>or, the data is <a>permanently de-identified</a> as defined in this
+ <li>the data is <a>permanently de-identified</a> as defined in this
specification.
</li>
</ol>
-
+
<p>Other than under those enumerated conditions, that party:</p>
-
+
<ol start="1">
<li>MUST NOT collect data from this network interaction that would
result in data regarding this particular user being associated across
multiple contexts;</li>
+
<li>MUST NOT retain, use, or share data from this particular user's
activity outside the context in which that activity occurred; and</li>
+
<li>MUST NOT use data from network interactions with this particular
user in a different <a>context</a>.
</li>
@@ -480,7 +487,7 @@
and consequences. In all cases, collection and use of data must be
reasonably necessary and proportionate to achieve the purpose for which
it is specifically permitted; unreasonable or disproportionate
- collection, retention, or use are not “permitted uses”.</p>
+ collection, retention, or use are not "permitted uses".</p>
<p class="note">The requirements in the following sub-sections apply to
a party that collects data for a permitted use and that would otherwise
@@ -520,7 +527,8 @@
<h5>No Personalization</h5>
<p>A party that collects data for a permitted use MUST NOT use that
- data to alter a specific user's online experience, except as specifically permitted below.</p>
+ data to alter a specific user's online experience, except as
+ specifically permitted below.</p>
</section>
<section id="reasonable-security">
@@ -572,9 +580,9 @@
<p>When feasible, a graduated response to a detected security
incident is preferred over widespread data collection. In this
- specification, a <dfn>graduated response</dfn> is a data
- minimization methodology where actions taken are proportional to the
- problem or risk being mitigated.</p>
+ specification, a <dfn>graduated response</dfn> is a data minimization
+ methodology where actions taken are proportional to the problem or
+ risk being mitigated.</p>
<aside class="example">
<p>Examples of using a graduated response for data minimization in
@@ -584,13 +592,13 @@
<li>recording all use from a given IP address range, regardless
of DNT signal, when the party believes it is seeing a coordinated
click fraud attack on its service from that IP address
- range.</li>
+ range;</li>
<li>collecting all data matching an identifiable fingerprint (a
- combination of User Agent and other protocol information, say)
- and retaining logs until it can be determined that they are not
- associated with such an attack or such retention is no longer
- necessary to support prosecution</li>
+ combination of User-Agent header and other protocol information,
+ for example) and retaining logs until it can be determined that
+ they are not associated with such an attack or such retention is
+ no longer necessary to support prosecution</li>
</ul>
</aside>
</section>
@@ -611,8 +619,8 @@
<p>A party MAY indicate which of the listed permitted uses apply to
tracking of a user with the <a class="externalDFN" href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.qualifiers">
- qualifiers</a> mechanism defined in the [[!TPE]] document.
- While providing qualifiers is OPTIONAL, a party that wishes to indicate
+ qualifiers</a> mechanism defined in the [[!TPE]] document. While
+ providing qualifiers is OPTIONAL, a party that wishes to indicate
particular permitted uses MUST use the corresponding characters as
indicated in the table below.</p>
@@ -664,11 +672,11 @@
<aside class="example">
<p>A site that tracks user activity across several unrelated sites
(through a tracking pixel or embedded script, for example) but
- collects and uses data about that activity only as necessary for security and
- debugging purposes might create a tracking status resource with a
- tracking status value of <code>T</code> (to indicate tracking) and a
- qualifiers value of <code>sd</code> (to indicate the particular
- permitted uses).</p>
+ collects and uses data about that activity only as necessary for
+ security and debugging purposes might create a tracking status
+ resource with a tracking status value of <code>T</code> (to indicate
+ tracking) and a qualifiers value of <code>sd</code> (to indicate the
+ particular permitted uses).</p>
</aside>
</section>
</section>
@@ -680,11 +688,10 @@
<p>A party MAY engage in practices otherwise proscribed by this
specification when the user has given explicit and informed consent. After
consent is received, it might be subsequently registered through the
- User-Granted Exceptions API defined in the companion [[!TPE]]
- document or recorded <dfn>out of band</dfn> using a different technology.
- A party MUST indicate when it is relying on <a>out of band</a> consent to
- override a Do Not Track preference, as described in the companion
- [[!TPE]] document.</p>
+ User-Granted Exceptions API defined in the companion [[!TPE]] document or
+ recorded <dfn>out of band</dfn> using a different technology. A party MUST
+ indicate when it is relying on <a>out of band</a> consent to override a Do
+ Not Track preference, as described in the companion [[!TPE]] document.</p>
<aside class="example">
<p>A site may provide a settings page to its logged-in users with an
@@ -695,35 +702,39 @@
consent cookie is recognized and a <code>DNT: 1</code> header is present,
the site responds with a <code>Tk</code> response header of
<code>C</code>, to indicate that consent to the user.</p>
- </aside>
-
+ </aside>
+
<section id="transitive-exceptions">
<h3>Transfer of consent to another party</h3>
-
+
<p>When a party requests consent from the user as described above, it
- might include consent for sharing data with its <a title="service provider">service
- providers</a>. This <dfn>transitive permission</dfn> might apply even to those
- parties to which the user has not separately granted consent to be tracked.</p>
-
- <p>A party that transfers consent in this way MUST ensure that its <a title="service provider">service
- providers</a> acknowledge this consent by use of the corresponding <a class="externalDFN"
- href=
+ might include consent for sharing data with its <a title=
+ "service provider">service providers</a>. This <dfn>transitive
+ permission</dfn> might apply even to those parties to which the user has
+ not separately granted consent to be tracked.</p>
+
+ <p>A party that transfers consent in this way MUST ensure that its
+ <a title="service provider">service providers</a> acknowledge this
+ consent by use of the corresponding <a class="externalDFN" href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">
[52 lines skipped]
Received on Wednesday, 16 December 2015 07:08:05 UTC