- From: CVS User npdoty <cvsmail@w3.org>
- Date: Tue, 09 Apr 2013 18:08:17 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory gil:/tmp/cvs-serv13496 Modified Files: tracking-compliance.html Log Message: fixing some of the html and formatting errors --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2013/04/09 17:51:24 1.88 +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2013/04/09 18:08:17 1.89 @@ -148,15 +148,13 @@ <section id="scope-and-goals"> <h2>Scope and Goals</h2> - This specification is designed to provide users a simple machine-readable + <p>This specification is designed to provide users a simple machine-readable preference expression mechanism to globally or selectively allow or limit - online tracking. - "Tracking" is understood by this standard as the collection and + online tracking.</p> + <p>"Tracking" is understood by this standard as the collection and retention of data across multiple parties' domains or services in a form - such that it can be attributed to a specific user, user agent, or device. - </p> - - <p class=note>The scope language is not at consensus, but is an effort by + such that it can be attributed to a specific user, user agent, or device.</p> + <p class="note">The scope language is not at consensus, but is an effort by the editors to offer a provisional definition of tracking.</p> <!-- <p> While there are a variety of business models to monetize content on the 
@@ -353,14 +351,13 @@ <section id="def-service-providers"> <h4>Service Providers</h4> - - - - Outsourced service providers are considered to be the same party as their - clients if the outsourced service providers only act as data processors on - behalf of that party in relation to that party, silo the data so that it - cannot be accessed by other parties, and have no control over the use or - sharing of that data except as directed by that party. + <p> + Outsourced service providers are considered to be the same party as their + clients if the outsourced service providers only act as data processors on + behalf of that party in relation to that party, silo the data so that it + cannot be accessed by other parties, and have no control over the use or + sharing of that data except as directed by that party. + </p> <p class="note"> The working group is continuing to fine tune the defintion of service @@ -377,14 +374,12 @@ <p class="note">hwest to propose an alternative definition of first party (based on ownership? alternative to inference?) [recorded in http://www.w3.org/2012/07/11-dnt-minutes.html#action01]</p> ----> +--> </section> - <section id=first-party> + <section id="first-party"> <h3>First Party</h3> - - <p>In a specific network interaction, a party with which the user intentionally interacts is a <dfn>first party</dfn>. In most cases on a traditional web browser, the first party will be the party that owns and operates the domain @@ -394,8 +389,8 @@ user merely mouses over, closes, or mutes such content, that is not sufficient interaction to render the party a first party.</p> - <section id=multiple-first-parties> - <h4>Multiple First Parties> + <section id="multiple-first-parties"> + <h4>Multiple First Parties</h4> <p>In most network interactions, there will be only one first party with which the user intends to interact. However, in some cases, a network resource will 
@@ -408,13 +403,13 @@ interact by accessing the resource. Simple branding of a party that merely serves as a service provider to the single entity providing a resource will not be sufficient to make that party a first party in any particular network - interaction. + interaction.</p> - <p class=note>The language on multiple first parties is not yet at consensus.</p> - </section> + <p class="note">The language on multiple first parties is not yet at consensus.</p> </section> + </section> - <section id=third-party> + <section id="third-party"> <h3>Third Party</h3> <p>In a specific network interaction, any entity that is not the user, @@ -713,12 +708,12 @@ sequence of logically related network traffic. </p> - <!--- <p class="informative"> + <!-- <p class="informative"> Non-normative explanatory text: Determination of a party's status is limited to a single interaction because a party's status may be affected by time, context, or any other factor that influences user expectations. - </p> ---> + </p> --> </section> <section id="def-collection"> @@ -752,7 +747,7 @@ party did not cause to be transmitted, such as protocol headers. </p> - <p class=option>Alternative: A party "collects" data when it assembles + <p class="option">Alternative: A party "collects" data when it assembles data from or about one or more network interactions and retains or shares that data beyond the scope of responding to the current request or in a form that remains linkable to a @@ -924,7 +919,6 @@ <section class="option" id="def-consent-silence"> <h4>Option 2: Silence</h4> - <p> No definition, other than explicitly leaving the definition of consent to local rules. @@ -935,7 +929,6 @@ <section id="first-party-compliance"> <h3>First Party Compliance</h3> - <p> If a first party receives a network transaction to which a DNT:1 header is attached, First Parties may engage in their normal collection and 
@@ -1028,7 +1021,7 @@ <p class="issue" data-number="88" title="different rules for impression of and interaction with 3rd-party ads/content"></p> --> -<section id="geolocation"> + <section id="geolocation"> <h4>Geolocation compliance by a third party</h4> <p class="note"> @@ -1043,7 +1036,6 @@ <p class="note">Make sure that elements of user agent aren’t in geolocation section; revisit invasive behavior example </p> --> - <p class="issue" data-number="39" title="Tracking of geographic data (however it's determined, or used)"></p> <p> If the operator of a third-party domain receives a communication to @@ -1106,7 +1098,7 @@ ephemerally. </p> </section> --> - + </section> <section id="permitted-uses"> <h3>Permitted Operational Uses for Third Parties</h3> @@ -1223,7 +1215,6 @@ <section id="reasonable-security"> <h5>Reasonable Security</h5> - <p> Third parties MUST use reasonable technical and organizational safeguards to prevent further processing of data retained for @@ -1349,7 +1340,7 @@ domain that the user visited. </p> -<!--- <section class="informative" id="contextual-example"> +<!-- <section class="informative" id="contextual-example"> <h6>Examples</h6> </section> @@ -1375,7 +1366,7 @@ about the domain of the news site in order to render weather information related to the city which ExampleLocalNews reports on.</li> - </ol> ---> + </ol> --> </section> <section id="first-party-data"> @@ -1389,7 +1380,7 @@ user when acting as a first party. </p> - <p class=note>This text may be revised to offer two alternatives: + <p class="note">This text may be revised to offer two alternatives: first parties can use any data to offer content in the third party context, or first parties can only use declared data to offer content in the third party context. Shane Wiley has proposed 
@@ -1433,7 +1424,7 @@ profile, and may only retain and use information about that fact for a permitted operational use.</li> </ol> - </section> ---> + </section> --> </section> <section id="frequency-capping"> @@ -1516,23 +1507,13 @@ the user's experience in order to reasonably keep a service secure or prevent fraud. Graduated response is preferred when feasible.</p> - <p=note>There has been an unresolved discussion on whether "graduated response" + <p class="note">There has been an unresolved discussion on whether "graduated response" should be in the normative text, defined, addressed through non-normative examples, or not included at all.</p> - -<!-- <section class="informative" id="security-example"> - <h6>Examples</h6> - - <p class="note"> - Add examples with and without outsourced parties (J- not sure - what this means) - </p> - </section> --> </section> <section id="debugging"> <h5>Debugging</h5> - <p> Information may be collected, retained and used for identifying and repairing errors that impair 
@@ -1573,20 +1554,22 @@ <p class="note">Add examples once we pick an option.</p> --> - <section id=audience-measurement> + <section id="audience-measurement"> <h5>Audience Measurement</h5> - <p class=note>The group has recently debated whether to include a + <p class="note">The group has recently debated whether to include a permitted use for the collection of third-party data to calibrate audience measurement primarily conducted through the use of opt-in - panels. The most recent proposal by ESOMAR is available here: - http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0335.html + panels. The <a href="http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0335.html">most recent proposal by ESOMAR is available</a>, but the language is not consensus, and the working group has not - decided whether such a permitted use is even appropriate.</p></section> + decided whether such a permitted use is even appropriate.</p> + <p class="note">There had previously been an open debate about whether Aggregate Reporting + (including market research and product improvement) should be a dedicated Permitted Use. + The group has since decided to address this issue through the exception for Unlinkable Data.</p> + </section> <section id="compliance"> <h5>Compliance With Local Laws and Public Purposes</h5> - <!-- <p class="note"> The group has generally agreed that companies can collect and process data as required by local law despite the DNT:1 signal @@ -1600,12 +1583,7 @@ Adherence to laws, legal and judicial process, and regulations take precedence over this standard when applicable, but contractual obligations do not. - </p> - - <p class="note">There had previously been an open debate about whether Aggregate Reporting - (including market research and product improvement) should be a dedicated Permitted Use. - The group has since decided to address this issue through the exception for Unlinkable Data.</p> - + </p> </section> </section> 
@@ -1620,8 +1598,6 @@ --> </section> - - <section id="user-granted-exceptions"> <h2>User-Granted Exceptions</h2> @@ -1641,9 +1617,9 @@ the companion [[!TRACKING-DNT]] document. </p> <p class="informative">This protocol does not define what constitutes explicit consent in any jurisdiction; check with your lawyer.</p> - <p class="note"> + <!-- <p class="note"> Figure out which parts of UGE belong in which document. - </p> + </p> --> <!-- <p class="issue" data-number="83" title="How do you opt out if already opted in? - pretty sure this belongs in the technical spec"></p> <p class="issue" data-number="67" title="Should opt-back-in be stored on the client side? - pretty sure this belongs in the technical spec"></p> @@ -1651,9 +1627,6 @@ <section id="interactions"> <h3>Interaction with existing user privacy controls</h3> -<!-- -<p class="note">There may be text on this somewhere, from Seattle meeting</p> ---> <p> Multiple systems may be setting, sending, and receiving DNT and/or Opt-Out signals at the same time, it'll be important to ensure
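Review bot: In the @@ -353,14 +351,13 @@ hunk, the trailing context line still reads "fine tune the defintion of service". Since this commit is a cleanup pass over the same section, correct the spelling to "definition" in the note that follows the newly wrapped paragraph.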
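Review bot: The </section> added as the last changed line of the @@ -1106,7 +1098,7 @@ hunk has no visible opener in that hunk, and the </section> on the context line before it sits inside a comment (it is followed by -->), so it does not count toward nesting. Confirm that the new tag closes the section with id="geolocation" that was re-indented in the @@ -1028,7 +1021,7 @@ hunk and not its parent, and run the file through a validator before committing, because a misplaced close here changes where the section with id="permitted-uses" nests.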
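Review bot: The deletion of the commented-out section with id="security-example" in the @@ -1516,23 +1507,13 @@ hunk is a content removal, not a markup fix, and the log message ("fixing some of the html and formatting errors") does not cover it. The removed block carried the pending note "Add examples with and without outsourced parties"; either keep the placeholder or record the removal in the log so the open to-do is not dropped silently.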
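Review bot: The "Aggregate Reporting" note added under the section with id="audience-measurement" in the @@ -1573,20 +1554,22 @@ hunk is the same paragraph removed from the "Compliance With Local Laws and Public Purposes" section in the @@ -1600,12 +1583,7 @@ hunk, so this is a relocation of editorial text that deserves a mention in the log message. Separately, the new anchor wraps "most recent proposal by ESOMAR is available"; ending the link text at "ESOMAR" and leaving "is available" outside the anchor keeps the link label a noun phrase.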
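Review bot: Commenting out the note "Figure out which parts of UGE belong in which document." in the @@ -1641,9 +1617,9 @@ hunk removes an open editorial to-do from the rendered draft, which goes beyond the formatting fixes named in the log message. If hiding it is intended, say so in the log. The new closing --> is also followed immediately by another <!-- on the next context line, so the two comments could be merged into one.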
Received on Tuesday, 9 April 2013 19:45:27 UTC