CVS WWW/2011/tracking-protection/drafts

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv1328

Modified Files:
	tracking-compliance-june.html 
Log Message:
add issue pointers, update ack

--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-june.html	2013/06/10 19:54:46	1.2
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-june.html	2013/06/15 00:59:23	1.3
@@ -1,7 +1,10 @@
 <!DOCTYPE html>
-<html dir="ltr" lang="en"><head>
+<html lang="en" dir="ltr">
+<head>
   <title>Tracking Compliance and Scope - June Draft</title>
-  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
+  
+  
   <style>/* --- ISSUES/NOTES --- */
 div.issue-title, div.note-title {
     padding-right:  1em;
@@ -39,7 +42,9 @@
     border-color: #52e052;
     background: #e9fbe9;
 }
-</style>
+
+
+</style><link rel="stylesheet" href="additional.css" type="text/css" media="screen" title="custom formatting for TPWG editors">
 <style>/*****************************************************************
  * ReSpec 3 CSS
  * Robin Berjon - http://berjon.com/
@@ -149,14 +154,14 @@
 .section dl.attrs dd, .section dl.eldef dd {
     margin-bottom:  0;
 }
-</style><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial.css" rel="stylesheet"></head>
+</style><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet"><!--[if lt IE 9]><script src='http://www.w3.org/2008/site/js/html5shiv.js'></script><![endif]--></head>
 <body class="h-entry"><div class="head">
   <p>
     
   </p>
   <h1 class="title p-name" id="title">Tracking Compliance and Scope - June Draft</h1>
   
-  <h2 id="unofficial-draft-09-june-2013">Unofficial Draft <time class="dt-published" datetime="2013-06-09">09 June 2013</time></h2>
+  <h2 id="unofficial-draft-14-june-2013">Unofficial Draft <time class="dt-published" datetime="2013-06-14">14 June 2013</time></h2>
   <p class="copyright">
     <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 
     2013
@@ -190,12 +195,8 @@
   <section id="scope-and-goals">
     <!--OddPage--><h2><span class="secno">1. </span>Scope</h2>
 
-    <p>Do Not Track is designed to provide users with a simple 
-preference expression mechanism to allow or limit online tracking 
-globally or selectively.</p>
-	<p>The specification applies to compliance with requests through user 
-agents that (1) can access the general browsable Web; (2) have a user 
-interface that satisfies the requirements in <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">Determining User Preference</a> in the [<cite><a href="#bib-TRACKING-DNT" class="bibref">TRACKING-DNT</a></cite>] specification; (3) and can implement all of the [<cite><a href="#bib-TRACKING-DNT" class="bibref">TRACKING-DNT</a></cite>] specification, including the mechanisms for communicating a tracking status, and the user-granted exception mechanism.</p>
+    <p>Do Not Track is designed to provide users with a simple preference expression mechanism to allow or limit online tracking globally or selectively.</p>
+	<p>The specification applies to compliance with requests through user agents that (1) can access the general browsable Web; (2) have a user interface that satisfies the requirements in <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">Determining User Preference</a> in the [<cite><a href="#bib-TRACKING-DNT" class="bibref">TRACKING-DNT</a></cite>] specification; (3) and can implement all of the [<cite><a href="#bib-TRACKING-DNT" class="bibref">TRACKING-DNT</a></cite>] specification, including the mechanisms for communicating a tracking status, and the user-granted exception mechanism.</p>
   </section>
 
   <section id="definitions">
@@ -271,6 +272,7 @@
         Simple branding of a party, without more, will not be sufficient to
         make that party a first party in any particular network interaction.
 			</p>
+			<div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/10"><span>Issue 10</span></a>: What is a first party?</div><p class=""></p></div>
 		  <p id="third-party">
 				A <dfn id="dfn-third-party">third party</dfn> is any party other than a first party,
         service provider, or the user.
@@ -296,11 +298,13 @@
           re-identify the data.
 				</li>
 			</ol>
+			<div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/188"><span>Issue 188</span></a>: Definition of de-identified (or previously, unlinkable) data</div><p class=""></p></div>
 			<p id="def-tracking">
 				<dfn id="dfn-tracking">Tracking</dfn> is the retention or use, after a network
          interaction is complete, of data records that are, or can be,
          associated with a specific user, user agent, or device.
 			</p>
+			<div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/5"><span>Issue 5</span></a>: What is the definition of tracking?</div><p class=""></p></div>
         <p id="def-collection">
 					A party <dfn id="dfn-collects">collects</dfn> data if it receives the data and shares
           the data with other parties or stores the data for more than a
@@ -318,10 +322,14 @@
 					A party <dfn id="dfn-shares">shares</dfn> data if the party enables another party to
           receive or access that data.
 				</p>
+				<div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/16"><span>Issue 16</span></a>: What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)</div><p class=""></p></div>
 	</section> <!-- end definitions -->
 	<section id="user-agent-compliance">
     <!--OddPage--><h2><span class="secno">3. </span>User Agent Compliance</h2>
-
+      <div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/132"><span>Issue 132</span></a>: Should the spec speak to intermediaries or hosting providers to modify any responses/statements about DNT compliance?</div><p class=""></p></div>
+      <div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/151"><span>Issue 151</span></a>: User Agent Requirement: Be able to handle an exception request</div><p class=""></p></div>
+      <div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/172"><span>Issue 172</span></a>: How should user agents be required to provide information about DNT?</div><p class=""></p></div>
+      <div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/194"><span>Issue 194</span></a>: How should we ensure consent of users for DNT inputs?</div><p class=""></p></div>
 			<p>
 				A user agent <em title="MUST" class="rfc2119">MUST</em> offer users a minimum of two alternative choices for a Do Not Track preference: unset or DNT: 1. A user agent <em title="MAY" class="rfc2119">MAY</em> offer a third alternative choice: DNT: 0.
 			</p>
@@ -332,29 +340,20 @@
 				A user agent <em title="MUST" class="rfc2119">MUST</em> have a default tracking preference of unset (not enabled).
 			</p>
 			<p>
-				User agents and web sites are responsible for determining the user 
-experience by which a tracking preference is controlled. User agents and
- web sites <em title="MUST" class="rfc2119">MUST</em> ensure that 
-tracking preference choices are communicated to users clearly and 
-accurately and shown at the time and place the tracking preference 
-choice is made available to a user.  User agents and web sites <em title="MUST" class="rfc2119">MUST</em> ensure that the tracking preference choices describe the parties to whom DNT applies and <em title="MUST" class="rfc2119">MUST</em> make available brief and neutral explanatory text to provide more detailed information about DNT functionality.
+				User agents and web sites are responsible for determining the user experience by which a tracking preference is controlled. User agents and web sites <em title="MUST" class="rfc2119">MUST</em> ensure that tracking preference choices are communicated to users clearly and accurately and shown at the time and place the tracking preference choice is made available to a user.  User agents and web sites <em title="MUST" class="rfc2119">MUST</em> ensure that the tracking preference choices describe the parties to whom DNT applies and <em title="MUST" class="rfc2119">MUST</em> make available brief and neutral explanatory text to provide more detailed information about DNT functionality.
 			</p>
 			<p>
 				That text <em title="MUST" class="rfc2119">MUST</em> indicate that:
 			</p>
 			<ol>
 				<li>
-					if the tracking preference is communicated, it limits collection 
-and use of web viewing data for certain advertising and other purposes;
+					if the tracking preference is communicated, it limits collection and use of web viewing data for certain advertising and other purposes;
 				</li>
 				<li>
-					when DNT is enabled, some data may still be collected and used for 
-certain purposes, and a description of such purposes; and
+					when DNT is enabled, some data may still be collected and used for certain purposes, and a description of such purposes; and
 				</li>
 				<li>
-					if a user affirmatively allows a particular party to collect and 
-use information about web viewing activities, enabling DNT will not 
-limit collection and use from that party.
+					if a user affirmatively allows a particular party to collect and use information about web viewing activities, enabling DNT will not limit collection and use from that party.
 				</li>
 			</ol>
 			<p>
@@ -382,6 +381,7 @@
 		<p>
 			First parties <em title="MAY" class="rfc2119">MAY</em> elect to follow third party practices.
 		</p>
+		<div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/170"><span>Issue 170</span></a>: Definition of and what/whether limitations around data append and first parties</div><p class=""></p></div>
 	</section>
   <section id="third-party-compliance">
     <!--OddPage--><h2><span class="secno">5. </span>Third Party Compliance</h2>
@@ -435,6 +435,7 @@
       of ads shown as part of the same network interaction is not restricted
       by DNT: 1.
 		</p>
+		<div class="issue"><div aria-level="3" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/134"><span>Issue 134</span></a>: Would we additionally permit logs that are retained for a short enough period?</div><p class=""></p></div>
 		<p>
 			It is outside the scope of this specification to control the collection
       and use of de-identified data.
@@ -465,6 +466,7 @@
 
         <section id="data-minimization-and-transparency">
           <h4><span class="secno">5.1.2 </span>Data Minimization, Retention and Transparency</h4>
+          <div class="issue"><div aria-level="5" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/31"><span>Issue 31</span></a>: Minimization -- to what extent will minimization be required for use of a particular exemption?</div><p class=""></p></div>
           <p>
               Data retained by a party for permitted uses <em title="MUST" class="rfc2119">MUST</em> be limited to
               the data reasonably necessary for such permitted uses. Such data
@@ -512,34 +514,24 @@
 				Regardless of DNT signal, information <em title="MAY" class="rfc2119">MAY</em> be collected, retained and used to limit the number of times that a user sees a particular advertisement, often called <dfn id="dfn-frequency-capping">frequency capping</dfn>, as long as the data retained do not reveal the user’s browsing history. Parties <em title="MUST NOT" class="rfc2119">MUST NOT</em> construct profiles of users or user behaviors based on their ad frequency history, or otherwise alter the user’s experience.
 			</p>
 			<p id="financial-logging">
-				Regardless of DNT signal, information <em title="MAY" class="rfc2119">MAY</em> be collected, retained and used for <dfn id="dfn-billing-and-auditing">billing and auditing</dfn>
- related to the current network interaction and concurrent transactions.
- This may include counting ad impressions to unique visitors, verifying 
-positioning and quality of ad impressions and auditing compliance with 
-this and other standards.
+				Regardless of DNT signal, information <em title="MAY" class="rfc2119">MAY</em> be collected, retained and used for <dfn id="dfn-billing-and-auditing">billing and auditing</dfn> related to the current network interaction and concurrent transactions. This may include counting ad impressions to unique visitors, verifying positioning and quality of ad impressions and auditing compliance with this and other standards.
 			</p>
 			<p id="security">
-				To the extent proportionate and reasonably necessary for <dfn id="dfn-detecting-security-risks-and-fraudulent-or-malicious-activity">detecting security risks and fraudulent or malicious activity</dfn>, parties <em title="MAY" class="rfc2119">MAY</em>
- collect, retain, and use data regardless of a DNT signal. This includes
- data reasonably necessary for enabling authentication/verification, 
-detecting hostile and invalid transactions and attacks, providing fraud 
-prevention, and maintaining system integrity. In the context of this 
-specific permitted use, this information <em title="MAY" class="rfc2119">MAY</em> be used to alter the user's experience in order to reasonably keep a service secure or prevent fraud.
+				To the extent proportionate and reasonably necessary for <dfn id="dfn-detecting-security-risks-and-fraudulent-or-malicious-activity">detecting security risks and fraudulent or malicious activity</dfn>, parties <em title="MAY" class="rfc2119">MAY</em> collect, retain, and use data regardless of a DNT signal. This includes data reasonably necessary for enabling authentication/verification, detecting hostile and invalid transactions and attacks, providing fraud prevention, and maintaining system integrity. In the context of this specific permitted use, this information <em title="MAY" class="rfc2119">MAY</em> be used to alter the user's experience in order to reasonably keep a service secure or prevent fraud.
 			</p>
+			<div class="issue"><div aria-level="4" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/24"><span>Issue 24</span></a>: Possible exemption for fraud detection and defense</div><p class=""></p></div>
 			<p id="debugging">
 				Regardless of DNT signal, information <em title="MAY" class="rfc2119">MAY</em> be collected, retained and used for <dfn id="dfn-debugging-purposes">debugging purposes</dfn> to identify and repair errors that impair existing intended functionality.
 			</p>
 			<div class="note"><div aria-level="4" class="note-title" role="heading"><span>Note</span></div><p class="">
 				Expecting further text on <dfn id="dfn-audience-measurement">audience measurement</dfn>.
 			</p></div>
+			<div class="issue"><div aria-level="4" class="issue-title" role="heading"><a href="http://www.w3.org/2011/tracking-protection/track/issues/25"><span>Issue 25</span></a>: How is audience measurement adressed under DNT? (permitted use or otherwise)</div><p class=""></p></div>
 		</section>
 		<section id="geolocation">
       <h3><span class="secno">5.3 </span>Third Party Geolocation Compliance</h3>
     	<p>
-				If a third party is part of a network interaction with a DNT: 1 signal, then geolocation data <em title="MUST NOT" class="rfc2119">MUST NOT</em>
- be used in that interaction at any level more granular than postal 
-code, unless specific consent has been granted for the use of more 
-granular location data.
+				If a third party is part of a network interaction with a DNT: 1 signal, then geolocation data <em title="MUST NOT" class="rfc2119">MUST NOT</em> be used in that interaction at any level more granular than postal code, unless specific consent has been granted for the use of more granular location data.
 			</p>
 		</section>
 	</section>
@@ -592,28 +584,24 @@
 	<section id="unknowing-collection">
 		<!--OddPage--><h2><span class="secno">8. </span>Unknowing Collection</h2>
 		<p>
-			If a party learns that it possesses information in violation of this standard, it <em title="MUST" class="rfc2119">MUST</em>,
- where reasonably feasible, delete or de-identify that information at 
-the earliest practical opportunity, even if it was previously unaware of
- such information practices despite reasonable efforts to understand its
- information practices.
+			If a party learns that it possesses information in violation of this standard, it <em title="MUST" class="rfc2119">MUST</em>, where reasonably feasible, delete or de-identify that information at the earliest practical opportunity, even if it was previously unaware of such information practices despite reasonable efforts to understand its information practices.
 		</p>
 	</section>
   <section id="acknowledgements" class="appendix">
     <!--OddPage--><h2><span class="secno">A. </span>Acknowledgements</h2>
-
     <p>
       This specification consists of input from many discussions within and
       around the W3C Tracking Protection Working Group, along with written
       contributions from Haakon Flage Bratsberg (Opera Software), Amy Colando
-      (Microsoft Corporation), Roy T. Fielding (Adobe), Tom Lowenthal
-      (Mozilla), Ted Leung (The Walt Disney Company), Jonathan Mayer
-      (Stanford University), Ninja Marnau (Invited Expert), Matthias Schunter
-      (IBM), John M. Simpson (Invited Expert), Kevin G. Smith (Adobe),
-      Rob van Eijk (Invited Expert), David Wainberg (Network Advertising
-      Initiative), Rigo Wenning (W3C), and Shane Wiley (Yahoo!).
+      (Microsoft Corporation), Nick Doty (W3C), Roy T. Fielding (Adobe),
+      Yianni Lagos (Future of Privacy Forum), Tom Lowenthal (Mozilla), Ted
+      Leung (The Walt Disney Company), Jonathan Mayer (Stanford University),
+      Ninja Marnau (Invited Expert), Thomas Roessler (W3C), Matthias Schunter
+      (IBM), Wendy Seltzer (W3C), John M. Simpson (Invited Expert), Kevin G.
+      Smith (Adobe), Peter Swire (Invited Expert), Rob van Eijk (Invited
+      Expert), David Wainberg (Network Advertising Initiative), Rigo Wenning
+      (W3C), and Shane Wiley (Yahoo!).
     </p>
-
     <p>
       The DNT header field is based on the original Do Not Track submission
       by Jonathan Mayer (Stanford), Arvind Narayanan (Stanford), and
@@ -624,6 +612,6 @@
   </section>
 
 
-<section class="appendix" id="references"><!--OddPage--><h2><span class="secno">B. </span>References</h2><section id="normative-references"><h3><span class="secno">B.1 </span>Normative references</h3><dl class="bibliography"><dt id="bib-HTTP11">[HTTP11]</dt><dd>R. Fielding et al. <a href="http://www.ietf.org/rfc/rfc2616.txt"><cite>Hypertext Transfer Protocol - HTTP/1.1</cite></a>. June 1999. RFC 2616. URL: <a href="http://www.ietf.org/rfc/rfc2616.txt">http://www.ietf.org/rfc/rfc2616.txt</a>
+<section class="appendix" id="references"><!--OddPage--><h2><span class="secno">B. </span>References</h2><section id="normative-references"><h3><span class="secno">B.1 </span>Normative references</h3><dl class="bibliography"><dt id="bib-HTTP11">[HTTP11]</dt><dd>R. Fielding et al. <a href="http://www.ietf.org/rfc/rfc2616.txt"><cite>Hypertext Transfer Protocol - HTTP/1.1</cite></a>. June 1999. RFC. URL: <a href="http://www.ietf.org/rfc/rfc2616.txt">http://www.ietf.org/rfc/rfc2616.txt</a>
 </dd><dt id="bib-TRACKING-DNT">[TRACKING-DNT]</dt><dd>Roy T. Fielding; David Singer. <a href="http://www.w3.org/TR/tracking-dnt/"><cite>Tracking Preference Expression (DNT)</cite></a>. 02 October 2012. W3C Working Draft. URL: <a href="http://www.w3.org/TR/tracking-dnt/">http://www.w3.org/TR/tracking-dnt/</a>
 </dd></dl></section></section></body></html>
\ No newline at end of file

Received on Saturday, 15 June 2013 00:59:24 UTC