W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

definitions

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 22 Jun 2012 01:24:14 -0700
Message-Id: <567C08CC-7688-4A2C-BBF1-9CB6FD537C99@gbiv.com>
To: Tracking Protection Working Group <public-tracking@w3.org>
This is a collation of not-yet-consenus definitions used in the compliance
document (c1) (c2), combo draft (cm), Shane et al's proposal (s),
Jonathan et al's proposal (j), Roy's proposals (r), and various
EC directives (eu).


data collection

  (c1) A party "collects" data if the data comes within its control.

  (cm) A party collects data if the data comes within its control and the control of that data is not transient.

  (r1) "Data collection" (for the purpose of DNT) is the process of assembling data from or about one or more network interactions and retaining/sharing that data beyond the scope of responding to the current request or in a form that remains linkable to a specific user, user agent, or device.

  (r2) [no definition, just like the regulators]


retention

  (c1) A party "retains" data if data remains within a party's control.

  (r) A party "retains" data if data remains within a party's control beyond the scope of the current interaction.


use

  (c1) A party "uses" data if the party processes the data for any purpose other than storage.

  (cm) A party uses data if the party processes the data for any purpose, including for storage.

  (r) A party uses data if the party processes the data for any purpose other than merely forwarding it to another party.


sharing

  (c1) A party "shares" data if the party enables another party to collect the data.

  (r) A party shares data if it allows any other party to receive or
access that data.


unlinkable

  (s) A dataset is un-linkable when commercially reasonable steps have been taken to de-identify data such that there is confidence that it contains information which could not be linked to a specific user, user agent, or device in a production environment, and which the entity will commit to make no effort to re-identify, and prohibit downstream recipients of un-linkable data from re-identifying it.

  (j) A dataset is unlinkable when there is a high probability that it contains only information which could not be linked to a particular user, user agent, or device by a skilled analyst.

  (cm) A dataset is unidentifiable when there is a high probability that it contains only information which could not be linked to a particular user, user agent, or device by a skilled analyst. N-unlinkability is the special case of K-anonymity where all values are considered part of the pseudo-identifier.

  (r) Data is not personally identifiable if it cannot be directly associated with an individual user or indirectly associated with an individual user via association with a specific user agent or device.

  (eu) to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person; whereas the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable


tracking

  (c1) Tracking is the collection or use of user data via either a unique identifier or a correlated set of data points being used to approximate a unique identifier, in a context other than "first party" as defined in this document.

  (c2) Tracking is defined as following or identifying a user, user agent, or device across multiple visits to a site (time) or across multiple sites (space).

  (r1) Tracking is defined as following or identifying a user, user agent,
or device across multiple visits to a site (time) or across multiple
sites (space). Mechanisms for performing tracking include but are not limited to:
  assigning a unique identifier to the user, user agent, or device
   such that it will be conveyed back to the server on future visits;
  personalizing references or referral information such that they will
   convey the user, user agent, or device identity to other sites;
  correlating data provided in the request with identifying data
   collected from past requests or obtained from a third party; or,
  combining data provided in the request with de-identified data
   collected or obtained from past requests in order to re-identify
   that data or otherwise associate it with the user, user agent,
   or device.

  (r2) Tracking is the retaining or sharing of data about a user's Internet activity in a form that remains linkable to that user, user agent, or device across multiple Web properties that do not share a common first party (data controller).


do not track

  (c2) A preference of "Do Not Track" means that the user does not want tracking to be engaged for this request, including any mechanism for performing tracking, any use of data retained from prior tracking, and any retention or sharing of data from this request for the purpose of future tracking, beyond what is necessary to enable:
  the limited permitted uses defined in this specification;
  the first-party (and third-parties acting as the first-party) to provide the service intentionally requested by the user; and
  other services for which the user has provided prior, specific, and informed consent.

  (r1) A preference of "Do Not Track" means that the user does not want
tracking to be engaged for this request, including any mechanism
for performing tracking, any use of data retained from prior tracking,
and any retention or sharing of data from this request for the purpose
of future tracking, beyond what is necessary to enable:
 1) the limited exemptions defined in section XX;
 2) the first-party (and third-parties acting as the first-party)
    to provide the service intentionally requested by the user; and
 3) other services for which the user has provided prior,
    specific, and informed consent.

  (r2) A "Do Not Track" preference requires that all unnecessary tracking by third parties be disabled, meaning any tracking other than that controlled by the first party or constrained to be within the permitted uses of ... (see Section XX), and that no information obtained from past tracking by third parties be used to satisfy the current request.


party

  (c1) A "party" is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person, that an ordinary user would perceive to be a discrete entity for purposes of information collection and sharing. Domain names, branding, and corporate ownership may contribute to, but are not necessarily determinative of, user perceptions of whether two parties are distinct.

  (c2) A party is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person. For unique corporate entities to qualify as a common party with respect to this standard, those entities must be commonly owned and commonly controlled, and must make their parent affiliation (if any) easy discoverable to users.

  (s) A party is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person.

  (j) A functional entity is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person. Functional entities are affiliated when they are related by both common majority ownership and common control. A party is a set of functional entities that are affiliated.

  (r) A party includes any outsourced service providers that are limited by contract to act merely as data processors on behalf of the contracting party, silo any data collected by contracting party, and have no control over that data except as directed by the contracting party.


first party

  (c1) A "first party" is any party, in a specific network interaction, that can infer with high probability that the user knowingly and intentionally communicated with it. Otherwise, a party is a third party.

  (c2) A First Party is the entity that owns the Web site or has Control over the Web site the consumer visits. A First Party also includes the owner of a widget, search box or similar service with which a consumer interacts, even if such First Party does not own or have Control over the Web site where the widget or services are displayed to the consumer.

  (s) A First Party is the party that owns the Web site or has control over the Web site the consumer visits. A First Party also includes the owner of a widget, search box or similar service with which a consumer interacts.

  (r) If a resource is designed for direct interaction, is only used by the resource owner on its own sites for direct interaction, and is not documented by the resource owner for use as an embedded API for other sites, then the resource need only comply with first-party requirements.  Otherwise, the resource must comply with third-party requirements unless it can dynamically determine that it has been invoked in a first party context.


outsourcing/service provider

  (j) A first party may outsource website functionality to a third party, in which case the third party may act as the first party under this standard with the following additional restrictions.  Throughout all data reception, retention, and use, outsourced service providers must use all feasible technical precautions to both mitigate the linkability of and prevent the linking of data from different first parties. Structural separation ("siloing") of data per first party, including both
  separate data structures and
  avoidance of shared unique identifiers
are necessary, but not necessarily sufficient, technical precautions.

  (cm) An outsourced party is any party, in a specific network interaction, that is working on behalf of a specific first or third party in compliance with the outsourced party information practices.


profile

  ??


EU directive 95/46/EC

(a) 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

(b) 'processing of personal data' ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

(c) 'personal data filing system' ('filing system') shall mean any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;

(d) 'controller' shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law;

(e) 'processor' shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

(f) 'third party' shall mean any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the data;

(g) 'recipient' shall mean a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients;

(h) 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.
Received on Friday, 22 June 2012 08:24:50 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:31 UTC