WWW/2011/tracking-protection/drafts tracking-compliance.html,1.67,1.68 from Justin Brookman via cvs-syncmail on 2012-08-28 (public-tracking-commit@w3.org from August 2012)

From: Justin Brookman via cvs-syncmail <cvsmail@w3.org>
Date: Tue, 28 Aug 2012 18:12:03 +0000
To: public-tracking-commit@w3.org
Message-Id: <E1T6QGh-0000Tv-3R@lionel-hutz.w3.org>

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv1784

Modified Files:
	tracking-compliance.html 
Log Message:
Added option for permitted use requirement that data not be stored against cookie or other unique identifier

Index: tracking-compliance.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -d -r1.67 -r1.68
--- tracking-compliance.html	19 Aug 2012 02:58:26 -0000	1.67
+++ tracking-compliance.html	28 Aug 2012 18:12:00 -0000	1.68
@@ -786,6 +786,26 @@
 <p>Outside of Security and Frequency Capping, data retained for Permitted Uses MUST NOT be used to alter a specific user's online experience based on multi-site activity.</p>
 </section>
 
+<section id="no-persistent-identifiers">
+<h5>No Persistent Identifiers</h5>
+
+<p class=option>A third party may only collect, use, and retain for permitted uses information that a user agent necessarily shares with a web server when it
+communicates with the web server (e.g. IP address and User-Agent), and
+the URL of the top-level page, communicated via a Referer header or other
+means, unless the URL contains information that is not unlinkable (e.g. a
+username or user ID).</br></br>A third party may not collect, use, or retain information
+that a web server could cause to not be sent but still be able to
+communicate with the user agent (e.g. a cookie or a Request-URI parameter
+generated by the user agent), except the URL of the top-level page, or
+any data added by a network intermediary that the operator of a web server has
+actual knowledge of (e.g. a unique device identifier HTTP header).</p>
+
+<p class=note>The EFF/Mozilla/Stanford proposal is heavily dependent upon a requirement that
+permitted use data is not correlated to a unique cookie or other persistent identifier.  This issue
+remains one of the biggest areas of dispute in the working group, as the industry proposal allows for the
+use of cookies and other unique identifiers by third parties despite a DNT:1 instruction.</p>
+</section>
+
 <!--
 <p class="issue" data-number="24" title="Possible permitted use for fraud detection and defense"></p>
 <p class="issue" data-number="25" title="Possible permitted use for research purposes"></p>

Received on Tuesday, 28 August 2012 18:12:04 UTC