W3C home > Mailing lists > Public > public-tracking@w3.org > January 2014

Re: issue-240

From: Ninja Marnau <ninja@w3.org>
Date: Wed, 15 Jan 2014 13:56:56 +0100
Message-ID: <52D68598.6060601@w3.org>
To: Mike O'Neill <michael.oneill@baycloud.com>, public-tracking@w3.org, rob@blaeu.com
Mike, Rob, thank you for this new proposal. I will remove Mike's 
Proposal 3 from the wiki.
Let's discuss the rationale of this new text in the call today.

Am 15.01.14 13:43, schrieb Mike O'Neill:
> (This was meant to go on the list first but I sent it from the wrong 
> email address.)
> Rob and I agreed a minor change to the text on this. Here it is and I 
> have edited the wiki accordingly. It just takes out the redundant 
> repeated "and", clarifies the point that only the domains go into the 
> same-party property and says normatively that the site host name need 
> not be mentioned in same-party. The normative text was echoed at the 
> end of the non-normative so I fixed that in the same way. I also 
> changed field to property to correlate it with Roy's TPE changes.
> My proposal 3 is redundant now so it should be removed.
> Here is the changed text
> A context is a set of resources that MUST all share the same data 
> controller, MUST all be covered by the same privacy policy, MUST share 
> a common branding, and whose host domains, other than that of the 
> document origin, MUST be declared in the same-party property of the 
> Tracking Resource.
> Non-normative Note:
> In case the same-party field is empty, then only the given site is 
> considered to be the same context. In order for a definition of 
> context to be granular enough to distinguish one context from another, 
> a set of cumulative criteria is proposed. The purpose of this 
> definition is to reflect the user expectations that data collected for 
> a specified purpose by one of those resources is available to all 
> other resources within the same context. Data must not be shared 
> between different contexts. Respect for context and purpose limitation 
> within a context are important core principles for any use of 
> (personal) data within that context. Within any particular network 
> interaction within a context, a user can expect that session states 
> and other data (strictly) necessary to support the activity will be 
> retained or shared. Given the outcome of the Call for Objections, the 
> full combined tracking-context definition reads as: "Tracking is the 
> collection of data regarding a particular user's activity across 
> multiple distinct contexts and the retention, use, or sharing of data 
> derived from that activity outside the context in which it occurred. A 
> context is limited to the set of resources that share the same data 
> controller, are covered by the same privacy policy, share a common 
> branding, and whose host domains, other than that of the document 
> origin, have been declared in the same-party property of the Tracking 
> Resource."
> Mike
Received on Wednesday, 15 January 2014 12:57:28 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:21 UTC