Draft: Issue 31, Minimization - to what extent will minimization be required for use of a particular exemption? (conditional exemptions) from Sue Glueck (LCA) on 2011-12-22 (public-tracking@w3.org from December 2011)

From: Sue Glueck (LCA) <Sue.Glueck@microsoft.com>
Date: Thu, 22 Dec 2011 07:00:15 +0000
To: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <073A263CCED4C945B7AC46E6CEE9B06E20ADDF3F@TK5EX14MBXC215.redmond.corp.microsoft.>

Issue Number: Issue-31

Issue Name: Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions)

Issue URL: http://www.w3.org/2011/tracking-protection/track/issues/31

Section number in the FPWD: 3.4 Types of Tracking

Contributors to this text:
Kevin Smith
Sue Glueck

Description: The extent to which minimization will be required for use of a particular exemption will vary by exemption. Examples as raised by some of the existing issues are described below.

Specification:

* Siloed Data (Issue-73) - When a first party website has outsourced functionality to [or shared data with] a third party website, in order to be treated as a first party under this standard, the third party SHOULD? MUST? provide the following functionality: If DNT is enabled, the third party servers should help ensure unlinkability by siloing data or using other technical mechanisms such that visitor data cannot be connected across unaffiliated non-same branded sites.

* Aggregate (Issue-34) - Aggregated data is permissible for purposes such as research, industry trends, and analytics (according to Issue-34). Parties wishing to use aggregated data MUST take reasonable steps to ensure that data does not reveal information about individual users, user agents, or devices and it MUST NOT be possible to identify an individual with aggregated cross site data.

* Frequency Capping (Issue-22) - Storing cross-site data for ad frequency capping is permitted providing appropriate minimization measures are taken. Local storage SHOULD be used whenever possible to reduce the amount of data that is sent to the server. In the event that data must be sent to the server, only the minimal data required to provide frequency capping functionality should be sent and all data should be deleted after the frequency capping duration has passed. Data collected to provide frequency capping MUST NOT be used for any other purpose unless such use falls within the scope of another exemption.

* Click Fraud (Issue-22) - Click fraud prevention entails storing certain data about fraudulent visitors to websites. Some of the data may need to be stored for a short period of time, while others will need to be stored for longer to prevent future instances of fraud. Only data necessary to prevent click fraud should be retained, and for only so long as it is useful for that purpose. This data MUST NOT be used for any other purpose, unless such use falls within the scope of another exemption.

Received on Thursday, 22 December 2011 07:05:36 UTC