W3C home > Mailing lists > Public > public-tracking@w3.org > January 2014

Re: issue-240

From: Rob van Eijk <rob@blaeu.com>
Date: Wed, 29 Jan 2014 18:44:23 +0100
To: "Mike O'Neill" <michael.oneill@baycloud.com>
Cc: public-tracking@w3.org
Message-ID: <f476f08f2c29a8a7541a9337799e3d42@xs4all.nl>
Proposal 2 deleted, as talked about on the call today.

Rob

Rob van Eijk schreef op 2014-01-29 18:41:
> Defintion updated to be the same as last line of non-normative text.
> MUST's have been removed.
> 
> Proposed by Rob van Eijk and Mike O'Neill via email.
> 
>     A context is limited to the set of resources that share the same
> data controller, are covered by the same privacy policy, share a
> common branding, and whose host domains, other than that of the
> document origin, have been declared in the same-party property of the
> Tracking Resource.
> 
>     Non-normative Note:
>     In case the same-party field is empty, then only the given site is
> considered to be the same context.
>     In order for a definition of context to be granular enough to
> distinguish one context from another, a set of cumulative criteria is
> proposed. The purpose of this definition is to reflect the user
> expectations that data collected for a specified purpose by one of
> those resources is available to all other resources within the same
> context. Data must not be shared between different contexts. Respect
> for context and purpose limitation within a context are important core
> principles for any use of (personal) data within that context. Within
> any particular network interaction within a context, a user can expect
> that session states and other data (strictly) necessary to support the
> activity will be retained or shared.
>     Given the outcome of the Call for Objections, the full combined
> tracking-context definition reads as: "Tracking is the collection of
> data regarding a particular user's activity across multiple distinct
> contexts and the retention, use, or sharing of data derived from that
> activity outside the context in which it occurred. A context is
> limited to the set of resources that share the same data controller,
> are covered by the same privacy policy, share a common branding, and
> whose host domains, other than that of the document origin, have been
> declared in the same-party property of the Tracking Resource."
> 
> 
> Mike O'Neill schreef op 2014-01-15 13:43:
>> (This was meant to go on the list first but I sent it from the wrong
>> email address.)
>> 
>> Rob and I agreed a minor change to the text on this. Here it is and I
>> have edited the wiki accordingly. It just takes out the redundant
>> repeated "and", clarifies the point that only the domains go into the
>> same-party property and says normatively that the site host name need
>> not be mentioned in same-party. The normative text was echoed at the
>> end of the non-normative so I fixed that in the same way. I also
>> changed field to property to correlate it with Roy's TPE changes.
>> 
>> My proposal 3 is redundant now so it should be removed.
>> 
>> Here is the changed text
>> 
>> A context is a set of resources that MUST all share the same data
>> controller, MUST all be covered by the same privacy policy, MUST share
>> a common branding, and whose host domains, other than that of the
>> document origin, MUST be declared in the same-party property of the
>> Tracking Resource.
>> 
>> Non-normative Note:
>> 
>> In case the same-party field is empty, then only the given site is
>> considered to be the same context. In order for a definition of
>> context to be granular enough to distinguish one context from another,
>> a set of cumulative criteria is proposed. The purpose of this
>> definition is to reflect the user expectations that data collected for
>> a specified purpose by one of those resources is available to all
>> other resources within the same context. Data must not be shared
>> between different contexts. Respect for context and purpose limitation
>> within a context are important core principles for any use of
>> (personal) data within that context. Within any particular network
>> interaction within a context, a user can expect that session states
>> and other data (strictly) necessary to support the activity will be
>> retained or shared. Given the outcome of the Call for Objections, the
>> full combined tracking-context definition reads as: "Tracking is the
>> collection of data regarding a particular user's activity across
>> multiple distinct contexts and the retention, use, or sharing of data
>> derived from that activity outside the context in which it occurred. A
>> context is limited to the set of resources that share the same data
>> controller, are covered by the same privacy policy, share a common
>> branding, and whose host domains, other than that of the document
>> origin, have been declared in the same-party property of the Tracking
>> Resource."
>> 
>> Mike
Received on Wednesday, 29 January 2014 17:44:53 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:41:42 UTC