WWW/2011/tracking-protection/drafts EditorsStrawmanComp.html,1.6,1.7

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv19872/WWW/2011/tracking-protection/drafts

Modified Files:
	EditorsStrawmanComp.html 
Log Message:
Fixed formatting glitches; recorded notes and to-dos based on last call; tagged sections as non-normative/example as appropriate

Index: EditorsStrawmanComp.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/EditorsStrawmanComp.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- EditorsStrawmanComp.html	10 Jul 2012 17:03:26 -0000	1.6
+++ EditorsStrawmanComp.html	23 Jul 2012 01:34:43 -0000	1.7
@@ -139,7 +139,7 @@
 
 <section id="introduction">
 <h2>Introduction</h2>
-	<p class="note">{NOTE:Editor's note: This introduction will be re-worked after details of substantive text is closer to being finalized.</p>
+	<p class="note">This introduction will be re-worked after details of substantive text is closer to being finalized.</p>
 	<p>The World Wide Web (WWW, or Web) consists of millions of sites interconnected through the use of hypertext. Hypertext provides a simple, page-oriented view of a wide variety of information that can be traversed by selecting links, manipulating controls, and supplying data via forms and search dialogs. A Web page is usually composed of many different information sources beyond the initial resource request, including embedded references to stylesheets, inline images, javascript, and other elements that might be automatically requested as part of the rendering or behavioral processing defined for that page.</p>
 	<p>Each of the hypertext actions and each of the embedded resource references might refer to any site on the Web, leading to a seamless interaction with the user even though the pages might be composed of information requested from many different and possibly independent Web sites. From the user's perspective, they are simply visiting and interacting with a single brand -- the first-party Web property -- and all of the technical details and protocol mechanisms that are used to compose a page representing that brand are hidden behind the scenes.</p>
 	<p>It has become common for Web site owners to collect data regarding the usage of their sites for a variety of purposes, including what led the user to visit their site (referrals), how effective the user experience is within the site (web analytics), and the nature of who is using their site (audience segmentation). In some cases, the data collected is used to dynamically adapt the content (personalization) or the advertising presented to the user (targeted advertising). Data collection can occur both at the first-party site and via third-party providers through the insertion of tracking elements on each page. A survey of these techniques and their privacy implications can be found in [<a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-KnowPrivacy">KnowPrivacy</a>].</p>
@@ -151,8 +151,8 @@
 
 <section id="scope-and-goals">
 <h2>Scope and Goals</h2>
-	<p class=note>This section consists of proposed text that is meant to address <a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a> and is in active discussion. Currently, it satisfies no one. Like the introduction, we will revisit and finalize once the document is more complete.</p>
-	<p class="issue">{ISSUE:<a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a>: What are the underlying concerns? Why are we doing this?</p>
+	<p class="note">This section consists of proposed text that is meant to address <a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a> and is in active discussion. Currently, it satisfies no one. Like the introduction, we will revisit and finalize once the document is more complete.</p>
+	<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a>: What are the underlying concerns? Why are we doing this?</p>
 	<p>While there are a variety of business models to monetize content on the web, many rely on advertising. Advertisements can be targeted to a particular user's interests based on information gathered about one's online activity. While the Internet industry believes many users appreciate such targeted advertising, as well as other personalized content, there is also an understanding that some people find the practice intrusive. If this opinion becomes widespread, it could undermine the trust necessary to conduct business on the Internet. This Compliance specification and a companion [[!!TRACKING-DNT]] specification are intended to give users a means to indicate their tracking preference and to spell out the obligations of compliant websites that receive the Do Not Track message. The goal is to provide the user with choice, while allowing practices necessary for a smoothly functioning Internet. This should be a win-win for business and consumers alike. The Internet brings millions of users and web sites togther in a vibrant and rich ecosystem. As the sophistication of the Internet has grown, so too has its complexity which leaves all but the most technically savvy unable to deeply understand how web sites collect and use data about their online interactions. While on the surface many web sites may appear to be served by a single entity, in fact, many web sites are an assembly of multiple parties coming together to power a user's online experience. As an additional privacy tool, this specification provides both the technical and compliance guidelines to enable the online ecosystem to further empower users with the ability to communicate a tracking preferences to a web site and its partners.</p>
 	<p>The accompanying <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-TRACKING-DNT">TRACKING-DNT</a> recommendation explains how a user, through a user agent, can clearly express a desire not to be tracked. This Tracking Compliance and Scope recommendation sets the standard for the obligations of a website that receives such a DNT message.</p>
 	<p>Taken together these two standards should have four substantial outcomes:</p><ol start="1"><li>Empower users  to manage their preference around the collection and correlation of data about Internet activities that occur on different sites and spell out the obligations of sites in honoring those preferences when DNT is enabled.</li><li>Provide an exceedingly straightforward way for users to gain transparency and control over data usage and the personalization of content and advertising on the web.</li><li>Enable a vibrant Internet to continue to flourish economically by supporting innovative business models while protecting users' privacy.</li><li>Establish compliance metrics for operators of online services</li></ol><p>This solution is intended to be persistent, technology neutral, and reversible by the user. It aims to preserve a vibrant online ecosystem, privacy-preserving secondary data uses necessary to ecommerce, and adequate security measures. We seek a solution that is persistent, technology neural, and [something that speaks with the ability to opt back in], but that preserves a vibrant online ecosystem, privacy-preserving secondary data uses, and adequate security measures.</p>
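Review bot: The unchanged Scope and Goals paragraph still carries the reference marker [[!!TRACKING-DNT]] with a doubled "!", while the next paragraph reaches the same reference through an explicit #bib-TRACKING-DNT link. Since this revision is a formatting cleanup, pick one form and fix the marker. The closing paragraph of the hunk also still ends with a second draft of the same sentence, containing "technology neural" and the bracketed placeholder "[something that speaks with the ability to opt back in]"; remove it or move it into a class="note" to-do.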
@@ -160,25 +160,26 @@
 
 <section id="definitions">
 <h2>Definitions</h2>
-<p class="note">{NOTE:Editor's note: The definitions section is a strawman proposal from editors based on discussion in Seattle. Many sections are not yet consensus text. I am adding material based on in-person discussions as reflected in the minutes, mailing list text, and other sources. - Heather</p>
+<p class="note">The definitions section is a strawman proposal from editors based on discussion in Seattle. Many sections are not yet consensus text.</p>
 
 <section id="def-user">
 <h3>User</h3>
-<p class="note">{NOTE:Editor's note: This definition is consensus or near-consensus text from the pre-Seattle draft.</p>
+<p class="note">This definition is consensus or near-consensus text from the pre-Seattle draft.</p>
 
 <p>A user is an individual human. When user-agent software accesses online resources, whether or not the user understands or has specific knowledge of a particular request, that request is made "by" the user.</p>
 </section>
 
 <section id="def-user-agent">
 <h3>User Agent</h3>
-<p class="note">{NOTE:Editor's note: This definition is consensus or near-consensus text from the pre-Seattle draft, but there may be some debate on the definition.</p>
+<p class="note">This definition is consensus or near-consensus text from the pre-Seattle draft, but there may be some debate on the definition.</p>
 
 <p>This specification uses the term user agent to refer to any of the various client programs capable of initiating HTTP requests, including but not limited to browsers, spiders (web-based robots), command-line tools, native applications, and mobile apps [<a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-HTTP11">HTTP11</a>].</p>
 </section>
 
 	<section id="def-parties">
 	<h3>Parties</h3>
-		<h2>Definitions</h2>
+		
+<p class="note">Dsinger has asked to add something about the responsibility following the data</p>
 A <dfn>functional entity</dfn> is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person.
 <br/><br/>
 Functional entities are <dfn>affiliated</dfn> when they are related by both common majority ownership and common control.
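Review bot: The duplicate Definitions heading under Parties is replaced by a line that contains only a tab, and the new note ("Dsinger has asked to add something about the responsibility following the data") gives no pointer to where the request was made. Drop the whitespace-only line and cite the minutes or list message, as the hwest note in the service-provider section does with its "recorded in" link. The definitions that follow are still bare text separated by <br/><br/> rather than paragraphs, which is worth fixing in the same pass.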
@@ -187,19 +188,24 @@
 
   <section>
 <h2>Transparency</h2>
+<p class="note">This section is at best out of place, and should be in the compliance section, not definitions.</p>
 <section>
 <h2>Requirement</h2>
 A <a>functional entity</a> must make its <a>affiliated</a> functional entities easily discoverable by a user.
 </section>
 <section>
 <h2>Non-Normative Discussion</h2>
-Affiliation may be made easily discoverable by prominent and common branding by a functional entity of affiliation on its webpages, within a privacy policy linked from its webpages, or a machine-readable format in a well-known location.
+<p class="informative">Affiliation may be made easily discoverable by prominent and common branding by a functional entity of affiliation on its webpages, within a privacy policy linked from its webpages, or a machine-readable format in a well-known location.</p>
 </section></section>
 
 	<section id="def-service-providers">
 	<h4>Service Providers/Outsourcers</h4>
 	
-	<p class=note>This section was taken largely from the combo draft Aleecia shared is Seattle, which was based an expansion of the Mayer pre-Seattle draft to allow for outsourcing by both first and third parties. I am not sure there is consensus around this proposal.</p>
+	<p class="note">This section was taken largely from the combo draft Aleecia shared is Seattle, which was based an expansion of the Mayer pre-Seattle draft to allow for outsourcing by both first and third parties. I am not sure there is consensus around this proposal.</p>
+<p class="note">Definition of service provider needs to be reworked (AI: http://lists.w3.org/Archives/Public/public-tracking/2012Mar/0001.html,http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0462.html); put various options into the document. Seemed to have consensus in theory but not in language.</p>
+<p class="note">Ensure that third party can act as a third party, or as a first party within section</p>
+<p class="note">hwest to propose an alternative definition of first party (based on ownership? alternative to inference?) [recorded in http://www.w3.org/2012/07/11-dnt-minutes.html#action01]</p>
+
 <p>This section applies to parties engaging in an outsourcing relationship, wherein one party "stands in the shoes" of another party to perform a specific task. Both parties have responsibilities, as detailed below.</p>
 
 <p>
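Review bot: Non-normative tagging is applied at paragraph level in the Transparency section (a p with class="informative" inside an untagged section headed "Non-Normative Discussion"), whereas other hunks in this revision tag the enclosing section with class="informative". Choose one level so the stylesheet and any tooling treat these sections the same way. In the added service-provider note, the two list-archive URLs are plain text joined by a comma with no space; make them links like the ISSUE references.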
@@ -215,7 +221,7 @@
 
 <section class="informative">
 	<h2>Non-Normative</h2>
-	<p>Outsourced companies that act purely as vendors for their customers (often first parties in this context) are not the intended target for the Tracking Preference Expression but it is important there are no unintended activities that are extended to another party through this allowance. In all cases, its expected an outsourced company acting on the part of a customer follows all of the same restrictions placed on that customer.</p>
+	<p class="informative">Outsourced companies that act purely as vendors for their customers (often first parties in this context) are not the intended target for the Tracking Preference Expression but it is important there are no unintended activities that are extended to another party through this allowance. In all cases, its expected an outsourced company acting on the part of a customer follows all of the same restrictions placed on that customer.</p>
  
 	<p>For the data separation requirement, outsourced companies have technical options to achieve appropriate separation but in each the critical element is that data is never reconstituted for users that have indicated a preference not to be tracked. One possible approach would be to leverage a per partner hash against a common cookie identifier, ensuring the resulting identifier is consistent for a specific customer, but is unable to be linked with another customer’s identifier.</p>
  
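Review bot: class="informative" is added to the first paragraph only, although the enclosing section already has class="informative" and the following paragraph on the data separation requirement is left untagged. Either rely on the section class and drop the paragraph class, or tag every paragraph in the section.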
@@ -326,7 +332,7 @@
 	Throughout all data collection, retention, and use, outsourced parties MUST use sufficient internal practices to prevent the identification of data from different parties.
 </p>
 
-		<section class="informative">
+		<section class="informative"> <!-- Unclear whether this non-norm tagging works, may need to fix -->
 			<h3>Non-Normative Discussion</h3>
 				<section>
 					<h4>Policy</h4>
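Review bot: The added comment "Unclear whether this non-norm tagging works, may need to fix" commits an open question into the source, where readers of the rendered draft will not see it. Check how the draft's stylesheet or processing treats class="informative" on a section before the other hunks depend on it, or record the doubt as a p with class="note" like the other to-dos in this revision.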
@@ -405,7 +411,7 @@
   intentionally communicated with it.</p> 
 
    </section>
-   <section>
+   <section class="informative">
 <h2>Non-Normative Discussion</h2>
 
 <section>
@@ -546,7 +552,7 @@
   embedded social sharing button.  The average user would understand that by
   clicking the button she is communicating with Example Social.</li></ol>
  
- <p class="issue">{ISSUE:	<a href="http://www.w3.org/2011/tracking-protection/track/issues/26">ISSUE-26</a> : Providing data to 3rd-party widgets &amp;emdash; does that imply consent?</p>
+ <p class="issue">	<a href="http://www.w3.org/2011/tracking-protection/track/issues/26">ISSUE-26</a> : Providing data to 3rd-party widgets -- does that imply consent?</p>
  
  </section>
  </section>
@@ -554,7 +560,9 @@
 
 	<section id="def-unlinkable">
 	<h3>Unlinkable Data</h3>
-		<p class=note>There is debate about whether to use the terms unlinkable, unlinked, or unidentified to describe this type of data.</p>
+		<p class="note">There is debate about whether to use the terms unlinkable, unlinked, or unidentified to describe this type of data.</p>
+		<p class="note">Unstable, but established options. Make sure text/discussion from Bellevue is captured in the document.</p>
+<p class="note">Add an option to limit use of unlinkable data, since it’s a broader exception, per jmayer</p>
 		<p class=option>A party render a dataset <dfn>unlinkable</dfn> when it<br>1. takes commercially reasonable steps have been taken to de-identify data such that there is confidence that it contains information which could not be linked to a specific user, user agent, or device in a production environment<br>2. publicly commits to retain and use the data in unlinkable fashion, and not to attempt to re-identify the data<br>3. contracually prohibits any third party that it transmits the unlinkable data to from attempting to re-identify the data. Parties SHOULD provide transparency to their delinking process (to the extent that it will not provided confidential details into security practices) so external experts and auditors can assess if the steps are reasonably given the particular data set.</p>
 		<p class=option>A dataset is <dfn>unlinkable</dfn> when there is a high probability that it contains only information that could not be linked to a particular user, user agents, or device by a skilled analyst. A party renders a dataset unlinkable when either:<br>1. it publicly publishes information that is sufficiently detailed for a skilled analyst to evaluate the implementation, or<br>2. ensure that the dataset is at least 1024-unlinkable.</p>
 	</section>
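Review bot: Attribute quoting is normalised on the first note only; the two option paragraphs directly below it still use class=option. Quote those in the same pass so the section is consistent. The third added note ("Add an option to limit use of unlinkable data ...") also starts at column 0 while the two notes above it are tab-indented.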
@@ -563,7 +571,7 @@
 	<h3>Network Transaction</h3>
 		<p class="note">This definition is consensus or near-consensus text from the pre-Seattle draft.</p>
 		<p>A "network interaction" is an HTTP request and response, or any other sequence of logically related network traffic.</p>
-		<p class="informative">{NON-NORM:Non-normative explanatory text: Determination of a party's status is limited to a single interaction because a party's status may be affected by time, context, or any other factor that influences user expectations.</p>
+		<p class="informative">Non-normative explanatory text: Determination of a party's status is limited to a single interaction because a party's status may be affected by time, context, or any other factor that influences user expectations.</p>
 	</section>
 
 	<section id="def-transactional-data">
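Review bot: Only the "{NON-NORM:" marker is stripped from the informative paragraph; the literal label "Non-normative explanatory text:" stays in the body, whereas the "{NOTE:Editor's note:" prefixes elsewhere in this revision are removed together with their label. If class="informative" is what marks the text as non-normative, drop the label as well. The heading in this hunk reads "Network Transaction" while the definition below it is of a "network interaction"; align the two terms.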
@@ -575,19 +583,20 @@
 	<section id="def-collection">
 	<h3>Data collection, retention, use, and sharing</h3>
 		<p class="note">We have not had time to substantially edit the definitions of collection and tracking. These continue to be actively debated issues, as the resolution of the use of unique identifiers is likely to end up in these definitions.</p>
-		<p class="issue">{ISSUE:<a href="http://www.w3.org/2011/tracking-protection/track/issues/16">ISSUE-16</a> : What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)</p> <ol start="1"><li>A party "collects" data if the data comes within its control.</li><li>A party "retains" data if data remains within a party's control.</li><li>A party "uses" data if the party processes the data for any purpose other than storage.</li><li>A party "shares" data if the party enables another party to collect the data.</li></ol><p>The definitions of collection, retention, use, and sharing are drafted expansively so as to comprehensively cover a party's user-information practices. These definitions do not require a party's intent; a party may inadvertently collect, retain, use, or share data. The definition of collection includes information that a party did not cause to be transmitted, such as protocol headers.</p>
+		<p class="note">Still contention around these definitions. Get all the options into the doc.</p>
+		<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/16">ISSUE-16</a> : What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)</p> <ol start="1"><li>A party "collects" data if the data comes within its control.</li><li>A party "retains" data if data remains within a party's control.</li><li>A party "uses" data if the party processes the data for any purpose other than storage.</li><li>A party "shares" data if the party enables another party to collect the data.</li></ol><p>The definitions of collection, retention, use, and sharing are drafted expansively so as to comprehensively cover a party's user-information practices. These definitions do not require a party's intent; a party may inadvertently collect, retain, use, or share data. The definition of collection includes information that a party did not cause to be transmitted, such as protocol headers.</p>
 	</section>
 
 	<section id="def-tracking">
 	<h3>Tracking</h3>
 	<p class="note">We have not had time to substantially edit the definitions of collection and tracking. These continue to be actively debated issues, as the resolution of the use of unique identifiers is likely to end up in these definitions.</p>
-		<p class="note">{NOTE: We are still working through how, or if, to define tracking. Some suggest the phrase "cross-site tracking" only. We will need to ensure both final recommendations use the same terms in the same way, but may not explicitly define tracking.</p>
+		<p class="note"> We are still working through how, or if, to define tracking. Some suggest the phrase "cross-site tracking" only. We will need to ensure both final recommendations use the same terms in the same way, but may not explicitly define tracking.</p>
 		<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/trac/k/issues/117">ISSUE-117</a>: Terms: tracking v. cross-site tracking</p>
 		<p>The WG has not come to consensus regarding the definition of tracking and whether the scope of DNT includes all forms of user-identifying data collection or just cross-site data collection/use. This issue will be resolved in the TCS document, though its resolution is a necessary prerequisite to understanding and correctly implementing the protocol defined by this document.</p>
 	
 		<section id="def-tracking-1">
 		<h4>Option 1: Non-first Party Identifiers</h4>
-			<p class="note">{NOTE: Concerns with this section include undefined term "user data" plus as written, this may apply more broadly than the authors intended</p>
+			<p class="note"> Concerns with this section include undefined term "user data" plus as written, this may apply more broadly than the authors intended</p>
 			<p>Tracking is the collection or use of user data via either a unique identifier or a correlated set of data points being used to approximate a unique identifier, in a context other than "first party" as defined in this document. This includes:</p><ol start="1"><li>a party collecting data across multiple websites, even if it is a first party in one or more (but not all) of the multiple contexts</li><li>a third party collecting data on a given website</li><li>a first party sharing user data collected from a DNT:1 user with third parties "after the fact".</li></ol><p>Examples of tracking use cases include:</p><ol start="1"><li>personalized advertising</li><li>cross-site analytics or market research that has not been de-identified</li><li>automatic preference sharing by social applications</li></ol>
 		</section>
 
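Review bot: The ISSUE-117 link in the Tracking section still points at .../tracking-protection/trac/k/issues/117, with a stray "/" inside "track", while every other issue link in this diff uses /track/issues/N; fix the href in this pass. The two rewritten notes also keep a leading space after the opening tag (before "We are still working through" and before "Concerns with this section"), left over from the removed "{NOTE:" marker.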
@@ -606,6 +615,9 @@
 	<section id="def-consent">
 	<h3>Explicit and Informed Consent</h3>
 		<p class="note">The spec currently envisions that users should consent to both the setting of a DNT preference as well as any user-granted exceptions. We have not reached agreement on how precisely we need to define this term.</p>
+		<p class="note">Include note that asks whether this applies to all consent, both turning DNT on and asking for an exception; may need to rephrase choice mechanism</p>
+<p class="note">David Singer & Shane to work with Justin on alternative text on consent, check mailing list and Bellevue minutes for additional suggestions
+</p>
 
 		<section id=def-consent-prescribe>
 		<h4>Option 1: Prescriptive</h4>
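Review bot: The added note "David Singer & Shane to work with Justin on alternative text on consent" contains a bare "&", which should be written &amp; in HTML, and its closing </p> sits alone on the following line, unlike the other notes. The section tag just below still has the unquoted id=def-consent-prescribe, although this revision quotes class attributes elsewhere.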
@@ -618,12 +630,12 @@
 		</section>
 	</section>
 	
-	<p class="issue">{ISSUE:<a href="http://www.w3.org/2011/tracking-protection/track/issues/69">ISSUE-69</a> : Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy)</p></section></section>
+	<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/69">ISSUE-69</a> : Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy)</p></section></section>
 
 
 <section id="first-party-compliance">
 <h3>First Party Compliance</h3>
-<p class="note">Heather: This section has been cleaned up in order to improve fluency, and is largely consensus text based on discussions in Seattle.<br>Justin: I still think this language needs work --- I still don't understand how it allows publishers to use third parties for anything, including ad delivery.</p>
+<p class="note">Clear that this language is still in flux, and may not yet allow third parties to do anything on a publisher site. (Justin to suggest edits)</p>
 
 <p>If a First Party receives a network transaction to which a DNT:1 header is attached, First Parties may engage in their normal collection and use of information. This includes the ability to customize the content, services, and advertising in the context of the first party experience. </p>
 
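Review bot: The replacement note opens with "Clear that this language is still in flux", a fragment that can be read either as a statement that the text is in flux or as a to-do to make that clear. Reword it as a full sentence stating the open question (whether the language lets a publisher use third parties at all), and link the action behind "Justin to suggest edits" the way the hwest action is linked to the minutes.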
@@ -651,10 +663,12 @@
 <section id="geolocation">
 <h4>Geolocation compliance by a third party</h4>
 <p class="note">Unclear whether this section reflects group consensus.</p>
+<p class="note">TODO: Get Ian’s suggestions from the mailing list and Ian/dwainberg’s review of this geolocation section</p> 
+<p class="note">Make sure that elements of user agent aren’t in geolocation section; revisit invasive behavior example </p>
 <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/39">ISSUE-39</a>: Tracking of geographic data (however it's determined, or used)</p>
 <p>If the operator of a third-party domain receives a communication to which a DNT:1 header is attached:</p>
 <ol start="1"><li>Geo-location information that is more granular than postal code is too granular. Geolocation data must not be used at any level more granular than postal code. Note that while the number of people living in a postal code varies from country to country, postal codes are extant world-wide.</li><li>If specific consent has been granted for the use of more granular location data, than that consent prevails.</li></ol>
-<p><i>Non-normative text</i><br><p>It is acceptable to use data sent as part of this particular network
+<p><i>Non-normative text</i><br><p class="informative">It is acceptable to use data sent as part of this particular network
 interaction when composing a response to a DNT:1 request, but it is
 not acceptable to store that data any longer than needed to reply. For
 instance, it would be appropriate to use an IP address to guess which
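Review bot: class="informative" is added to a paragraph that is opened inside another, still-open paragraph (<p><i>Non-normative text</i><br><p class="informative">). HTML does not allow nested p elements, so the parser closes the outer one at that point; close the label paragraph explicitly before opening the informative one. The first added TODO note also ends with trailing whitespace.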
@@ -703,23 +717,25 @@
 
 <p class=option>For any purpose, so long as the information is retained for no longer than N weeks and the information is not transmitted to a third party and the information is not used to build a profile about a user or otherwise alter any individual's user experience (apart from changes that are made based on aggregate data).</p>
 
-<p class=note>We have discussed allowing a N-week (anywhere from 1 week to 3 months) grace period where third parties could collect and use data, partly due to concerns , partly as a compromise to the market research/aggregate reporting issue. We do not have consensus on this permitted use at this point. If we decide to allow this, we would need to add non-normative text explaining the rationale and providing examples.</p></section>
+<p class="note">We have discussed allowing a N-week (anywhere from 1 week to 3 months) grace period where third parties could collect and use data, partly due to concerns , partly as a compromise to the market research/aggregate reporting issue. We do not have consensus on this permitted use at this point. If we decide to allow this, we would need to add non-normative text explaining the rationale and providing examples.</p></section>
 
 <section id=contextual>
 <h5>Contextual Content or Ad Delivery</h5>
-
+<p class="note">Note that it is not clear that this is in scope, per Shane; others disagree. Revisit whether contextual belongs in some place other than permitted uses (potentially the definition of collection).
+</p>
 <p>For the display of contextual content or advertisements, including content or advertisements based on the first-party domain that the user visited.</p>
 
 <p><i>Examples</i></p>
 
-<p class=informative><ol><li>A user visits ExampleSports.com with DNT:1 enabled to read a news article about a baseball game.  ExampleSports uses the third party ExampleAds to serve ads on ExampleSports.com.  ExampleAds is not an outsourcing partner of ExampleSports, and often uses third-party behavioral data to serve targeted ads to users who have not enabled DNT:1.  ExampleAds may collect and use inforation about the user in order to render an advertisement (including IP address and information about the user agent) and information about the url of the news article in order to render an advertisement related to the baseball game.</li><br><li>A user visits ExampleLocalNews.com with DNT:1 enabled to read a news article about a local fire.  ExampleLocalNews uses the third party ExampleWeather to display a weather widget on its site.  ExampleWeather is not an outsourcing partner of ExampleLocalNews.  ExampleWeather may collect and user information about the user in order to render the weather widget (includig IP address and information about the user agent) and information about the domain of the news site in order to render weather information related to the city which ExampleLocalNews reports on.</li><br></ol></p></section>
+<p class="informative"><ol><li>A user visits ExampleSports.com with DNT:1 enabled to read a news article about a baseball game.  ExampleSports uses the third party ExampleAds to serve ads on ExampleSports.com.  ExampleAds is not an outsourcing partner of ExampleSports, and often uses third-party behavioral data to serve targeted ads to users who have not enabled DNT:1.  ExampleAds may collect and use inforation about the user in order to render an advertisement (including IP address and information about the user agent) and information about the url of the news article in order to render an advertisement related to the baseball game.</li><br><li>A user visits ExampleLocalNews.com with DNT:1 enabled to read a news article about a local fire.  ExampleLocalNews uses the third party ExampleWeather to display a weather widget on its site.  ExampleWeather is not an outsourcing partner of ExampleLocalNews.  ExampleWeather may collect and user information about the user in order to render the weather widget (incluing IP address and information about the user agent) and information about the domain of the news site in order to render weather information related to the city which ExampleLocalNews reports on.</li><br></ol></p></section>
 
 <section id=first-party-data>
 <h5>Content or Ad Delivery Based on First Party Data</h5>
+<p class="note">Note that it is not clear that this is in scope, per Shane; others disagree. Revisit whether contextual belongs in some place other than permitted uses (potentially the definition of collection).
+</p>
+<p class="option">For the display of content or advertisements based in part of data that the third party previously collected from the user when acting as a first party.</p>
 
-<p class=option>For the display of content or advertisements based in part of data that the third party previously collected from the user when acting as a first party.</p>
-
-<p class=informative><i>Examples</i><br><ol><li>A user visits ExampleNews.com with DNT:1 enabled to read a story about a national election.  ExamplesNews uses the third party ExamplePortal to serve content and advertisements on its site.  ExamplePortal is not an outsourcing partner of ExampleNews.  The user had previously visited ExamplePortal.com with DNT:1 enabled and read several stories about golf.  ExamplePortal may serve an advertisement related to golf to that same user on ExampleNews.  However, ExamplePortal may not use the fact that user went to ExampleNews to add to the user's ExamplePortal profile, and may only retain and use information about that fact for a permitted operational use.</li><br><li>A user visits Example Music with DNT:1 enabled to listen to recently released albums streamed online.  Example Music uses the third party Example Social to provide a widget that shows users what their Example Social friends have done on ExampleMusic.  ExampleSocial is not an outsourcing partner of ExamleMusic.  The user is a member of ExampleSocial and has several friends who also share information about what they do on ExampleMusic on ExampleSocial. ExampleSocial may display information that the users' friends had shared on ExampleSocial related to ExampleMusic within its third-party widget on ExampleMusic.  However, ExampleSocial may not use the fact that user went to ExampleMusic to add to the user's ExampleSocial profile, and may only retain and use information about that fact for a permitted operational use.</li></ol></p></section>
+<p class="informative"><i>Examples</i><br><ol><li>A user visits ExampleNews.com with DNT:1 enabled to read a story about a national election.  ExamplesNews uses the third party ExamplePortal to serve content and advertisements on its site.  ExamplePortal is not an outsourcing partner of ExampleNews.  The user had previously visited ExamplePortal.com with DNT:1 enabled and read several stories about golf.  ExamplePortal may serve an advertisement related to golf to that same user on ExampleNews.  However, ExamplePortal may not use the fact that user went to ExampleNews to add to the user's ExamplePortal profile, and may only retain and use information about that fact for a permitted operational use.</li><br><li>A user visits Example Music with DNT:1 enabled to listen to recently released albums streamed online.  Example Music uses the third party Example Social to provide a widget that shows users what their Example Social friends have done on ExampleMusic.  ExampleSocial is not an outsourcing partner of ExmpleMusic.  The user is a member of ExampleSocial and has several friends who also share information about what they do on ExampleMusic on ExampleSocial. ExampleSocial may display information that the users' friends had shared on ExampleSocial related to ExampleMusic within its third-party widget on ExampleMusic.  However, ExampleSocial may not use the fact that user went to ExampleMusic to add to the user's ExampleSocial profile, and may only retain and use information about that fact for a permitted operational use.</li></ol></p></section>
 
 <section id="frequency-capping">
 <h5>Frequency Capping</h5>
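Review bot: In the re-added Examples paragraph the misspelling "ExamleMusic" became "ExmpleMusic" rather than "ExampleMusic", so the second example still names a party that appears nowhere else; "ExamplesNews" in the first example has the same problem. The re-quoted option paragraph still reads "based in part of data", which should be "based in part on data". Since this paragraph is being touched anyway, the ol could move out of the enclosing p element, where a list cannot nest, and the br between the two li items could be dropped.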
@@ -728,30 +744,30 @@
 
 <p><i>Example</i></p>
 
-<p class=informative>A user visits ExampleNews with DNT:1 enabled.  ExamplesNews uses the third party ExampleAds to serve content and advertisements on its site.  ExampleAds is not an outsourcing partner of ExampleNews.  ExampleAds has previously shown the user an ad for ExampleCars fives times in the past week on other sites.  ExampleCars' contract with Example Ads states that Example Ads will be paid less for impressions where the user sees an ad more than five times in a week.  ExampleAds may opt not to show the user the ad for ExampleCars because the user has already seen the ad five times on other sites.</p>
+<p class="informative">A user visits ExampleNews with DNT:1 enabled.  ExamplesNews uses the third party ExampleAds to serve content and advertisements on its site.  ExampleAds is not an outsourcing partner of ExampleNews.  ExampleAds has previously shown the user an ad for ExampleCars fives times in the past week on other sites.  ExampleCars' contract with Example Ads states that Example Ads will be paid less for impressions where the user sees an ad more than five times in a week.  ExampleAds may opt not to show the user the ad for ExampleCars because the user has already seen the ad five times on other sites.</p>
 
 <p class=option>In Seattle, we discussed specifically limiting how data was stored for frequency capping.<br><br>Server-side frequency capping is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's activity trail (page URIs on which the ads were delivered) aside from what is allowed for other permitted uses.</p></section>
 
-<section id=financial-logging">
+<section id="financial-logging">
 <h5>Financial Logging and Auditing</h5>
-
+<p class="note">for financial logging/ auditing, look to 3rd parties as 3rd parties</p>
 <p>For financial fulfillment purposes such as billing and audit compliance.  This includes counting and verifiying:<ul><li>ad impressions to unique visitors</li><li>clicks by unique visitors</li><li>subsequent action or conversion by unique visitors</li><li>quality measures such as ad position on sites and the sites on which the ads were served</li></p>
 
 <p><i>Examples</i></p>
 
-<p class=note>Add examples for display verification, click verification, CPA, quality measures</p></section>
+<p class="note">Add examples for display verification, click verification, CPA, quality measures</p></section>
 
 <p class=option>One potential compromise on the unique identifier issue for logging would be grandfather in existing contracts that require unique, cookie-based counting. New contracts would not be able to require that ad networks use cookies (or other unique identifiers) to uniquely count users who have DNT:1 enabled.</p>
 
 <section id="security">
 <h5>Security and Fraud Prevention</h5>
-
+<p class="note">add examples on security with and without outsourced parties</p>
 <p>For detecting security risks and fraudulent activity, defending from attacks and fraud, and maintaining integrity of the service.  This includes data reasonably necessary for enabling authentication/verification, detecting hostile transactions and attacks, providing fraud prevention, and maintaining system integrity.</p>
 
 <p class="note">In Seattle, we discussed a compromise"graduated response" approach that allows third parties to retain data for a short period if no problems are apparent, and to use/retain longer only if there is reason to believe there is a problem.</p>
 
 <p><i>Examples</i></p>
-<p class=note>Add examples</p></section>
+<p class="note">Add examples</p></section>
 
 <section id=debugging>
 <h5>Debugging</h5>
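Review bot: The financial-logging paragraph opens a ul that is never closed (the line ends "</li></p>"), and a pass meant to fix formatting leaves it that way; add the missing </ul> and move the list out of the p. The option paragraph about grandfathering cookie-based counting sits after the </section> that closes financial-logging, so it renders outside the section it discusses, and it still uses unquoted class=option, as does the Seattle frequency-capping paragraph. The new note "look to 3rd parties as 3rd parties" is hard to act on as written and should say what is to be decided; "fives times" in the re-added example is also still misspelled.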
@@ -761,12 +777,12 @@
 
 <p class="informative">Non-normative explanatory text: Detailed information is often necessary to replicate a specific user's experience to understand why their particular set of variables is resulting in a failure of expected functionality or presentation.  These variables could include items such as cookie IDs, page URLs, device or UA details, content specifics, and activity/event specifics to narrow in on the cause of the discrepancy.</p></section>
 
-<p class=note>Add examples</p>
+<p class="note">Add examples</p>
 
 <section id=aggregate-reporting>
 <h5>Aggregate Reporting</h5>
 
-<p class=note>Text is based on breakout group discussion, and large group presentation, at the Seattle meeting.  However, there is not group consensus that this should be a permitted operational use.</p>
+<p class="note">Text is based on breakout group discussion, and large group presentation, at the Seattle meeting.  However, there is not group consensus that this should be a permitted operational use.</p>
 
 <p class=option>For aggregate reporting, such as market research and product improvement.  Data MAY be collected and retained on an individual level, but the use of the data must only be aggregate reporting, and the products of the reporting MUST be unlinkable as defined in this document.</p>
 
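Review bot: The "Add examples" note for Debugging follows the </section> that closes the debugging section, so it falls outside the section it refers to; in the security and aggregate-reporting sections the same note sits before the closing tag. Move it ahead of the </section> on the explanatory-text line. The quoting pass also skips id=aggregate-reporting and class=option in this hunk's context.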
@@ -774,9 +790,9 @@
 
 <p class=option>No permitted use for aggregate reporting outside of the grace period described earlier.</p>
 
-<p class=note>Add examples</p></section>
+<p class="note">Add examples</p></section>
 
-<p class="note">While definitely a Permitted Use, compliance with local laws and public purposes, such as copyright protection and delivery of emergency services, is not listed separately. It is unclear whether this should be specified in the draft.</p></section>
+<p class="note">While definitely a Permitted Use, compliance with local laws and public purposes, such as copyright protection and delivery of emergency services, is not listed separately. It is unclear whether this should be specified in the draft, and where.</p></section>
 
 <section id=permitted-use-requirements>
 <h4>Additional Requirements for Permitted Uses</h4>
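Review bot: The words appended to the closing note, "and where", record an open question with no owner and no tracker link, unlike the ISSUE-linked items elsewhere in the draft. Link it to a tracker issue or name the candidate sections so the question can be closed. The "No permitted use for aggregate reporting" paragraph keeps unquoted class=option, and id=permitted-use-requirements is unquoted too.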
@@ -791,14 +807,14 @@
 <h5>Data Minimization and Transparency</h5>
 <p>A third party MUST ONLY retain information for a Permitted Use for as long as is reasonably necessary for that use.  Third parties MUST make reasonable data minimization efforts to ensure that only the data necessary for the permittted use is retained.  A third party MUST provide public transparency of their data retention period. The third party MAY enumerate each individually if they vary across Permitted Uses.  Once the period of time for which you have declared data retention for a given use, the data MUST NOT be used for that permitted use. After there are no remaining Permitted Uses for given data, the data must be deleted or rendered unlinkable.</p>
 
-<p class=note>May be worthwhile to put some examples in around when it is or isn't a good idea to explain use, ie, Commonly Accepted Practices vs. security data to address unique businesses</p></section>
+<p class="note">May be worthwhile to put some examples in around when it is or isn't a good idea to explain use, ie, Commonly Accepted Practices vs. security data to address unique businesses</p></section>
 
 <section id=reasonable-security>
 <h5>Reasonable Security</h5>
 
 <p>Third parties MUST use reasonable technical and organizational safeguards to prevent further processing of data retained for Permitted Uses. While physical separation of data maintained for permitted uses is not required, best practices should be in place to ensure technical controls ensure access limitations and information security. Third parties SHOULD ensure that the access and use of data retained for Permitted Uses is auditable.</p>
 
-<p class=note>Whether or not the type of audit is mandated is still in discussion; an optional field exists in the TPE spec for auditors and self-regulatory commitments.</p></section>
+<p class="note">Whether or not the type of audit is mandated is still in discussion; an optional field exists in the TPE spec for auditors and self-regulatory commitments.</p></section>
 
 <section id=no-personalization>
 <h5>No Personalization</h5>
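Review bot: Only the class attributes are quoted in this hunk; id=reasonable-security and id=no-personalization stay unquoted, while the same commit quotes id="enforcement" and id="financial-logging" elsewhere. While in this area, the retention sentence "Once the period of time for which you have declared data retention for a given use, the data MUST NOT be used for that permitted use" is missing its verb, and the sentence after it uses lowercase "must be deleted" next to capitalised MUST keywords; both matter in normative text. "permittted" is also misspelled.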
@@ -812,21 +828,21 @@
 <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/31">ISSUE-31</a> : Minimization -- to what extent will minimization be required for use of a particular permitted use? (conditional permitted uses)</p>
 <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/92">ISSUE-92</a> : If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking?</p>
 <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/89">ISSUE-89</a> : Does DNT mean at a high level: (a) no customization, users are seen for the first time, every time. (b) DNT is about data moving between sites.</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/97">ISSUE-97</a>: Re-direction, shortened URLs, click analytics &amp;emdash; what kind of tracking is this?</p></section></section>
+<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/97">ISSUE-97</a>: Re-direction, shortened URLs, click analytics -- what kind of tracking is this?</p></section></section>
 
 <section id="user-granted-exceptions">
 <h2>User-Granted Exceptions</h2>
-<p class="note">Heather: Unclear to me whether this even belongs in the compliance doc at this point.</p>
+<p class="note">Figure out which parts of UGE belong in which document.</p>
 
 <p>The operator of a website may engage in practices otherwise described by this standard if the user has given explicit and informed consent. This consent may be obtained through the browser API defined in the companion [[!!TRACKING-DNT]] document, or an operator of a website may also obtain "out-of-band" consent to disregard a "Do Not Track" preference using a different technology. If an operator is relying on "out of band" consent to disregard a "Do Not Track" instruction, the operator must indicate this consent to the user agrent as described in the companion [[!!TRACKING-DNT]] document.</p>
 
-<p class="issue">{ISSUE:<a href="http://www.w3.org/2011/tracking-protection/track/issues/83">ISSUE-83</a> : How do you opt out if already opted in? - pretty sure this belongs in the technical spec</p>
-<p class="issue">{ISSUE:<a href="http://www.w3.org/2011/tracking-protection/track/issues/67">ISSUE-67</a> : Should opt-back-in be stored on the client side? - pretty sure this belongs in the technical spec</p>
+<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/83">ISSUE-83</a> : How do you opt out if already opted in? - pretty sure this belongs in the technical spec</p>
+<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/67">ISSUE-67</a> : Should opt-back-in be stored on the client side? - pretty sure this belongs in the technical spec</p>
 
 
 <section id="interactions">
 <h3>Interaction with existing user privacy controls</h3>
-<p class="note">I believe that there is text on this somewhere, from Seattle meeting - Heather to find</p>
+<p class="note">There may be text on this somewhere, from Seattle meeting</p>
 
 <p>Multiple systems may be setting, sending, and receiving DNT and/or Opt-Out signals at the same time, it'll be important to ensure industry and web browser vendors are on the same page with respect to honoring user choices in circumstances where "mixed signals" may be received.</p>
 <p>As a general principle, more specific settings override less specific settings.</p>
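Review bot: Removing "Heather:" and "Heather to find" from the two notes drops the only record of who owns these to-dos, and the ISSUE-83 and ISSUE-67 lines still carry a first-person "pretty sure this belongs in the technical spec" with no author. Either keep an owner or rephrase them as editors' notes. "UGE" in the new note should be spelled out as User-Granted Exceptions, and the context paragraph still has "user agrent".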
@@ -835,14 +851,17 @@
 
 <section id="logged-in">
 <h3>Logged In Transactions</h3>
-<p class=issue><a href="http://www.w3.org/2011/tracking-protection/track/issues/65">ISSUE-65</a> : How does logged in and logged out state work</p>
+<p class="note">Add note that we may be able to handle this section entirely within the consent definition, rather than calling it out; potentially thought an example in the consent section. Concern about UI creep.</p>
+<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/65">ISSUE-65</a> : How does logged in and logged out state work</p>
 
-<p class=note>I believe we have consensus that the spec should be silent on the relevance of "logged-in" versus "logged-out" state.  I am deleting the various options on this issue, but we can revisit if people object.</p>
+<p class="note">I believe we have consensus that the spec should be silent on the relevance of "logged-in" versus "logged-out" state.  I am deleting the various options on this issue, but we can revisit if people object.</p>
 
 </section></section>
 
 <section id=bad-UA>
 <h3>Disregarding Non-Compliant User Agents</h3>
+<p class="note">Add note about the state of discussion here, potentially reorder the options, and options to address this in TPE and response header, with silence in the compliance doc; Issue 65/93 results here? Check
+</p>
 <p class=option>Third parties MUST NOT disregard DNT:1 headers whose syntax is correctly formed even if the third party does not believe that the DNT:1 header was set with the explicit and informed consent of the user.</p>
 <p class=option>If the operator of a third-party domain has a good faith belief that a user agent is sending a DNT:1 without the explicit and informed consent of the user, the operator MAY disregard the DNT:1 header and collect, use, and retain information about the user as if no DNT signal had been sent.  If the operator disregards the DNT signal, the operator MUST signal to the user agent that it is disregarding the header as described in the companion [[!!DNT-TRACKING]] document.</p>
 <p class=option>No provision on Disregarding Non-Compliant User Agents.</p></section>
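Review bot: The new Logged In note reads "potentially thought an example in the consent section", where "thought" looks like a slip for "through", and the new note under Disregarding Non-Compliant User Agents ends in the fragment "Issue 65/93 results here? Check" with its </p> on a separate line. Spell out the to-do and link the issues the way ISSUE-65 is linked on the following line. The second option paragraph cites [[!!DNT-TRACKING]] while the User-Granted Exceptions text cites [[!!TRACKING-DNT]] for the same companion document; the two keys should match.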
@@ -850,18 +869,19 @@
 <section id="degrade">
 <h3>Degrading User Experience for DNT:1 users</h3>
 
-<p class="note">Heather:I thought we had consensus that it's fine to degrade the experience for DNT:1 transactions, but need to find the text.</p>
+<p class="note">I thought we had consensus that it's fine to degrade the experience for DNT:1 transactions, but need to find the text.</p>
 
 <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/93">ISSUE-93</a> : Should 1st parties be able to degrade a user experience or charge money for content based on DNT?</p>
 </section>
 
-<section id=enforcement>
+<section id="enforcement">
 <h3>Public Discosure of Compliance</h3>
 <p class="note">Final wording awaits how the response is designed in the <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-TRACKING-DNT">TRACKING-DNT</a> recommendation, but we agree upon the general direction below.</p>
 <p>In order to be in compliance with this specification, a third party must make a public commitment that it complies with this standard. A "public commitment" may consist of a statement in a privacy policy, a response header, a machine-readable tracking status resource at a well-known location, or any other reasonable means. This standard does not require a specific form of public commitment.</p>
 
 <section id="3p-audit">
 <h4>Third Party Auditing</h4>
+<p class="note">Add reference to TPE, or potentially move to TPE; add reference to audit array from Action 219</p>
 <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/21">ISSUE-21</a> : Enable external audit of DNT compliance</p>
 <p class="note">We have reviewed one audit proposal that we declined to adopt as mandatory, but there is significant support to include a flexible option to enable auditing. We may include a smaller-scoped proposal in the future, or may drop auditing all together.</p>
 </section></section>
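Review bot: The new Third Party Auditing note cites "audit array from Action 219" with no link, while ISSUE-21 on the next line links to the tracker; add the corresponding link so the reference can be followed. The Degrading User Experience note lost its "Heather:" prefix but still reads "I thought we had consensus", so the first person now has no referent. The h3 under id="enforcement" is still spelled "Public Discosure of Compliance".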
@@ -872,7 +892,7 @@
 <p>The DNT header field is based on the original Do Not Track submission by Jonathan Mayer (Stanford), Arvind Narayanan (Stanford), and Sid Stamm (Mozilla). The DOM API for NavigatorDoNotTrack is based on the Web Tracking Protection submission by Andy Zeigler, Adrian Bateman, and Eliot Graff (Microsoft). Many thanks to Robin Berjon for ReSpec.js.</p>
 </section>
 
-<section id="FIXME">
+<section id="references">
 <h2>References</h2><h3>B.1 Normative references</h3>
 <p>[HTTP11</p>
 <p>R. Fielding; et al. <a href="http://www.ietf.org/rfc/rfc2616.txt">Hypertext Transfer Protocol - HTTP/1.1.</a> June 1999. Internet RFC 2616. URL: <a href="http://www.ietf.org/rfc/rfc2616.txt">http://www.ietf.org/rfc/rfc2616.txt</a></p>
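Review bot: Renaming the section id from "FIXME" to "references" changes the fragment identifier, so any in-document links to #FIXME need updating in the same commit; none are visible in this hunk. The first reference label is still "[HTTP11" without its closing bracket, and the heading hard-codes the number "B.1", which will drift if appendices are reordered.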

Received on Monday, 23 July 2012 01:34:48 UTC