W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: Fwd: Action 9 - Proposal for a DNT definition for 1st Parties

From: Tom Lowenthal <tom@mozilla.com>
Date: Wed, 05 Oct 2011 10:07:32 -0700
Message-ID: <4E8C8ED4.4020900@mozilla.com>
To: "public-tracking@w3.org" <public-tracking@w3.org>
Proposal is at:


Interpretation of the DNT signal by 1st Parties

Proposal to the W3C Tracking Protection Working Group
Authored by Thomas Lowenthal, Mozilla
Associated with [Action

When a first party receives a request where

- they know that they are a first party, and
- the DNT signal is on,

that party **should**:

- store as little information about that request as possible,
- store as little information about the user who made the request as
- take all reasonable steps to protect the privacy and anonymity of the
user who made the request; and

that party **may**:

- provide an affirmative notice to that user regarding the steps that
the site takes as a result of the user's expressed preference,
- provide the user with additional options to choose how the site should
further protect that user's privacy; and

that party **should not**:

- send information about that request or the user who made the request
to any other entity, unless
    - the entity to which the information is sent is performing a
service as the agent of that party, and
        - that entity is bound by contractual or technical means
            - to keep information associated with requests and users
related to this party completely separate from information associated
with any other information they keep, and
            - not to further share such information except under similar
restrictions, or
    - it is the user's deliberate intent to share information
        - (for instance, when a user sends an email through a webmail
provider, that provider should send that email to the destination
server); and

that party **must only**:

- store information about that request where
    - each piece of information is stored for a particular purpose, and
    - the party posts a readily-accessible policy which describes
        - what information is collected, and
        - the purpose for which each piece of information is stored.

Received on Wednesday, 5 October 2011 17:08:05 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:41 UTC