- From: Justin Brookman via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 28 Aug 2012 18:12:03 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory hutz:/tmp/cvs-serv1784 Modified Files: tracking-compliance.html Log Message: Added option for permitted use requirement that data not be stored against cookie or other unique identifier Index: tracking-compliance.html =================================================================== RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html,v retrieving revision 1.67 retrieving revision 1.68 diff -u -d -r1.67 -r1.68 --- tracking-compliance.html 19 Aug 2012 02:58:26 -0000 1.67 +++ tracking-compliance.html 28 Aug 2012 18:12:00 -0000 1.68 @@ -786,6 +786,26 @@ <p>Outside of Security and Frequency Capping, data retained for Permitted Uses MUST NOT be used to alter a specific user's online experience based on multi-site activity.</p> </section> +<section id="no-persistent-identifiers"> +<h5>No Persistent Identifiers</h5> + +<p class=option>A third party may only collect, use, and retain for permitted uses information that a user agent necessarily shares with a web server when it +communicates with the web server (e.g. IP address and User-Agent), and +the URL of the top-level page, communicated via a Referer header or other +means, unless the URL contains information that is not unlinkable (e.g. a +username or user ID).</br></br>A third party may not collect, use, or retain information +that a web server could cause to not be sent but still be able to +communicate with the user agent (e.g. a cookie or a Request-URI parameter +generated by the user agent), except the URL of the top-level page, or +any data added by a network intermediary that the operator of a web server has +actual knowledge of (e.g. a unique device identifier HTTP header).</p> + +<p class=note>The EFF/Mozilla/Stanford proposal is heavily dependent upon a requirement that +permitted use data is not correlated to a unique cookie or other persistent identifier. This issue +remains one of the biggest areas of dispute in the working group, as the industry proposal allows for the +use of cookies and other unique identifiers by third parties despite a DNT:1 instruction.</p> +</section> + <!-- <p class="issue" data-number="24" title="Possible permitted use for fraud detection and defense"></p> <p class="issue" data-number="25" title="Possible permitted use for research purposes"></p>
Received on Tuesday, 28 August 2012 18:12:04 UTC