Re: Indirect DNT Processing (Proposed)

This is ISSUE-262 ...

I have further clarified the requirements to be on the gateway and
added a requirement that the gateway have reason to believe that
the non-selected recipients will not retain tracking data.

I made some other editorial improvements that messed up a diff, so
below is just the relevant text of

http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-G

....Roy
=============
6.2.4 Gateway (G)

A tracking status value of G means the origin server is acting as a gateway to an exchange involving multiple parties. This might occur if a response to the designated resource involves an automated selection process, such as dynamic bidding, where the party that is selected determines how the request data will be treated with respect to an expressed tracking preference. Similar to the ? value, the G TSV indicates that the actual tracking status is dynamic and will be provided in the response message's Tk header field, presumably using information forwarded from the selected party.

This tracking status value is only valid as a site-wide status. An origin server MUST NOT send G as the tracking status value in a Tk header field or within the representation of a request-specific tracking status resource.

A gateway MUST NOT send G as the tracking status value if it knows in advance that all of the potential recipients have agreed on a single tracking status value of N (not tracking); in this case, the gateway MUST respond with N instead of G.

A gateway MUST NOT send G as the tracking status value unless it has reason to believe that recipients other than the selected party will not retain tracking data after the selection has been made when the expressed tracking preference is DNT:1; if non-selected recipients retain tracking data under DNT:1, the gateway MUST respond with T instead of G.

If G is present in the site-wide tracking status:

  • the gateway MUST meet the requirements of a service provider for each of the parties to which it provides request data;
  • the gateway MUST send a link within its site-wide tracking status representation to a privacy policy that explains what limitations are placed on parties that might receive data via that gateway;
  • the gateway MUST forward any expressed tracking preference in the request to each party that receives data from that request; and,
  • the gateway MUST send a Tk header field in responses to requests on the designated resource and include within that field's value a status-id specific to the selected party, such that information about the selected party can be obtained via the request-specific tracking status resource (see section 6.4.2 Request-specific Tracking Status).

=============

Received on Friday, 5 December 2014 19:30:04 UTC