Re: ISSUE-5: definition of tracking

On Sep 4, 2012, at 15:20 , "Roy T. Fielding" <fielding@gbiv.com> wrote:

> On Sep 4, 2012, at 10:07 AM, Aleecia M. McDonald wrote:
> 
>> 	(c) Buried in this discussion (of "absolutely not tracking") was David Singer's attempt to define tracking: "Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user." (I'd append: ", user agent, or device.")   Unlike every other time someone has made the attempt, the one and only reply was in support. Does that mean we can live with this? [Note that issue-5 is currently raised]
> 
> Probably not.  It does us very little good to define tracking such
> that it encompasses all access logs, since they are essential
> to any site that isn't deliberately acting as an open gateway.
> Are we agreed to that at least?

Actually, I was trying for a definition which clearly *excluded* data that was *out* of scope, and then discussed -- via permissions, and exceptions and so on -- uses that fall into the scope and need discussion.  I think trying to find a 'tight' definition that includes only the things that are in scope is much harder.  So, ordinary logging would be discussed and a suitable permission defined, in this model.  But we would not need to discuss retention or use of data that's outside this definition.

> 
> If so, as Shane has said a few million times, the definition of
> tracking has to reflect actively tracking the user/device
> (operational use of the data collected).  Additional restrictions
> on the retention of data for specific and necessary purposes can
> also be required for compliance, but that doesn't need to be
> reflected in the definition of "Do Not Track".
> 
> A variation on David's definition would be:
> 
>  Tracking is the retention or sharing of data collected from an
>  interaction to associate that interaction with a specific user
>  (or their personal user agent or device) and use that association
>  to obtain, collect, or correlate that user's behavior beyond
>  the scope of a single session.

That's not the only (or even possibly primary) use that worries people, in my understanding.


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 4 September 2012 23:16:34 UTC