Re: June Change Proposal: Protocol Information and Contextual Advertising from Nicholas Doty on 2013-06-27 (public-tracking@w3.org from June 2013)

From: Nicholas Doty <npdoty@w3.org>
Date: Thu, 27 Jun 2013 00:17:24 -0700
To: Jonathan Mayer <jmayer@stanford.edu>
Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-Id: <39608567-A564-4639-84B2-030A92DF3AB6@w3.org>

Hi Jonathan,

Apologies, I got confused before when I didn't consider this change proposal at the same time as the other (mentioned below).

It appears that yours and Lee's proposals are harmonized for replacing the transient-out-of-scope text with a two-week retention limit for protocol information. I have consolidated those proposals into one on the relevant wiki page, but if you think I've consolidated/optimized too early, please clarify.

http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Short_Term

Thanks,
Nick

On Jun 26, 2013, at 6:07 AM, Jonathan Mayer <jmayer@stanford.edu> wrote:

> I would propose adding the following definition of protocol information:
>> Protocol information includes:
>> any information that a user agent necessarily shares with a web server when it communicates with the web server (e.g. IP address and User-Agent), and
>> the URL of the top-level page, communicated via a Referer header or other means, unless the URL contains information that is not unlinkable (e.g. a username or user ID).
>> Protocol information does not include:
>> any information that a web server could cause to not be sent but still communicate with the user agent (e.g. a cookie or a Request-URI parameter generated by the user agent), except the URL of the top-level page, and
>> any data added by a network intermediary that the operator of a web server has actual knowledge of (e.g. a unique device identifier HTTP header).
> 
> And allowing short-term retention and use for any purpose:
>> A third party may receive and use protocol information for any purpose, subject to a two-week retention period.
>  
> Including contextual advertising:
>> Under the general rule on protocol information a third party may temporarily use a top-level page URL for the purpose of contextually personalizing content.
> 

On Jun 26, 2013, at 6:08 AM, Jonathan Mayer <jmayer@stanford.edu> wrote:

> Nick,
> 
> I've sent a separate "protocol information" proposal that addresses contextual personalization.  Unlike the June Draft, that proposal doesn't turn on whether data is "transient."  Rather, it looks to whether the data was passively collected protocol information as opposed to stored or solicited information.
> 
> Jonathan

Received on Thursday, 27 June 2013 07:17:32 UTC