- From: CVS User jbrookma <cvsmail@w3.org>
- Date: Tue, 25 Jun 2013 22:35:16 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory gil:/tmp/cvs-serv14175/w3.org/WWW/2011/tracking-protection/drafts Modified Files: tracking-compliance.html Log Message: adding headers, move geolocation compliance, replace DNT Signal with DNT:1 --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2013/06/22 00:10:44 1.96 +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2013/06/25 22:35:16 1.97 @@ -56,26 +56,38 @@ <section id="definitions"> <h2>Definitions</h2> - <p id="def-user"> + + <section id=user> + <h3>User</h3> + <p> A <dfn>user</dfn> is an individual human. When user agent software accesses online resources, whether or not the user understands or has specific knowledge of a particular request, that request is "made by the user." - </p> - <p id="def-user-agent"> + </p></section> + + <section id=user-agent"> + <h3>User Agent</h3> + <p> The term <dfn>user agent</dfn> refers to any of the various client programs capable of initiating HTTP requests, including but not limited to browsers, spiders (web-based robots), command-line tools, native applications, and mobile apps [[!HTTP11]]. - </p> - <p id="def-network-transaction"> + </p></section> + + <section id=network-transaction> + <h3>Network Transaction</h3> + <p> A <dfn>network interaction</dfn> is the set of HTTP requests and responses, or any other sequence of logically related network traffic caused by a user visit to a single web page or similar single action. Page re-loads, navigation, and refreshing of content cause a new network interaction to commence. - </p> - <p id="def-party"> + </p></section> + + <section id=party> + <h3>Party</h3> + <p> A <dfn>party</dfn> is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person. For unique corporate entities to qualify as a common party @@ -84,7 +96,10 @@ affiliate organizations. A list of affiliates MUST be available through a single user interaction from each page, for example, by following a single link, or through a single click. - </p> + </p></section> + + <section id=service-provider> + <h3>Service Provider</h3> <p id="def-service-providers"> An outsourced <dfn>service provider</dfn> is considered to be the same party as its client if the service provider: @@ -98,8 +113,11 @@ of the service being provided; and</li> <li>has a contract in place that outlines and mandates these requirements.</li> - </ol> - <p id="first-party"> + </ol></section> + + <section id=first-party> + <h3>First Party</h3> + <p> In the context of a specific network interaction, the <dfn>first party</dfn> is the party with which the user intentionally interacts. In most cases on a traditional web browser, the first party will be @@ -128,15 +146,22 @@ make that party a first party in any particular network interaction. </p> <p class="issue" data-number="10" title="What is a first party?"></p> - <p id="third-party"> + </section> + + <section id=third-party> + <h3>Third Party</h3> + <p> A <dfn>third party</dfn> is any party other than a first party, service provider, or the user. </p> <p> Whether a party is a first or third party is determined within and limited to a specific network interaction. - </p> - <p id="def-unlinkable"> + </p></section> + + <section id=deidentified> + <h3>Deidentified</h3> + <p> Data is <dfn>deidentified</dfn> when a party: </p> <ol> @@ -154,7 +179,11 @@ </li> </ol> <p class="issue" data-number="188" title="Definition of de-identified (or previously, unlinkable) data"></p> - <p id="def-tracking"> + </section> + + + <section id=tracking> + <p> <dfn>Tracking</dfn> is the retention or use, after a network interaction is complete, of data records that are, or can be, associated with a specific user, user agent, or device. @@ -178,7 +207,7 @@ receive or access that data. </p> <p class="issue" data-number="16" title="What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)"></p> - </section> <!-- end definitions --> + </section></section> <!-- end definitions --> <section id="user-agent-compliance"> <h3>User Agent Compliance</h3> <p class="issue" data-number="132" title="Should the spec speak to intermediaries or hosting providers to modify any responses/statements about DNT compliance?"></p> @@ -294,6 +323,16 @@ <p> It is outside the scope of this specification to control the collection and use of de-identified data. + + <section id="geolocation"> + <h3>Third Party Geolocation Compliance</h3> + <p> + If a third party is part of a network interaction with a DNT: 1 signal, then geolocation data MUST NOT + be used in that interaction at any level more granular than postal code, unless specific consent has been + granted for the use of more granular location data. + </p> + </section> + </p> <section id="permitted-use-requirements"> @@ -365,30 +404,53 @@ <section id="permitted-uses"> <h3>Permitted Uses</h3> - <p id="frequency-capping"> - Regardless of DNT signal, information MAY be collected, retained and used to limit the number of times that a user sees a particular advertisement, often called <dfn>frequency capping</dfn>, as long as the data retained do not reveal the user’s browsing history. Parties MUST NOT construct profiles of users or user behaviors based on their ad frequency history, or otherwise alter the user’s experience. - </p> - <p id="financial-logging"> - Regardless of DNT signal, information MAY be collected, retained and used for <dfn>billing and auditing</dfn> related to the current network interaction and concurrent transactions. This may include counting ad impressions to unique visitors, verifying positioning and quality of ad impressions and auditing compliance with this and other standards. - </p> - <p id="security"> - To the extent proportionate and reasonably necessary for <dfn>detecting security risks and fraudulent or malicious activity</dfn>, parties MAY collect, retain, and use data regardless of a DNT signal. This includes data reasonably necessary for enabling authentication/verification, detecting hostile and invalid transactions and attacks, providing fraud prevention, and maintaining system integrity. In the context of this specific permitted use, this information MAY be used to alter the user's experience in order to reasonably keep a service secure or prevent fraud. + + <section id=frequency-capping> + <h4>Frequency Capping</h4> + <p> + Regardless of DNT signal, information MAY be collected, retained and used to limit + the number of times that a user sees a particular advertisement, often called + <dfn>frequency capping</dfn>, as long as the data retained do not reveal the user’s + browsing history. Parties MUST NOT construct profiles of users or user behaviors based + on their ad frequency history, or otherwise alter the user’s experience. + </p></section> + + <section id=financial-logging> + <h4>Financial Logging</h4> + <p> + Regardless of DNT signal, information MAY be collected, retained and used for + <dfn>billing and auditing</dfn> related to the current network interaction and + concurrent transactions. This may include counting ad impressions to unique visitors, + verifying positioning and quality of ad impressions and auditing compliance with this + and other standards. + </p></section> + + <section id=security> + <h4>Security</h4> + <p> + To the extent proportionate and reasonably necessary for <dfn>detecting security risks and + fraudulent or malicious activity</dfn>, parties MAY collect, retain, and use data regardless + of a DNT signal. This includes data reasonably necessary for enabling authentication/verification, + detecting hostile and invalid transactions and attacks, providing fraud prevention, and maintaining + system integrity. In the context of this specific permitted use, this information MAY be used to + alter the user's experience in order to reasonably keep a service secure or prevent fraud. </p> <p class="issue" data-number="24" title="Possible exemption for fraud detection and defense"></p> - <p id="debugging"> - Regardless of DNT signal, information MAY be collected, retained and used for <dfn>debugging purposes</dfn> to identify and repair errors that impair existing intended functionality. + </section> + + <section id=debugging> + <h4>Debugging</h4> + <p> + Regardless of DNT signal, information MAY be collected, retained and used for + <dfn>debugging purposes</dfn> to identify and repair errors that impair existing intended + functionality. </p> <p class="note"> Expecting further text on <dfn>audience measurement</dfn>. - </p> + </p></section> <p class="issue" data-number="25" title="How is audience measurement adressed under DNT? (permitted use or otherwise)"></p> </section> - <section id="geolocation"> - <h4>Third Party Geolocation Compliance</h4> - <p> - If a third party is part of a network interaction with a DNT: 1 signal, then geolocation data MUST NOT be used in that interaction at any level more granular than postal code, unless specific consent has been granted for the use of more granular location data. - </p> - </section> + </section> <section id="user-granted-exceptions"> <h2>User-Granted Exceptions</h2> @@ -428,9 +490,9 @@ <ol start="1"> <li>No DNT Signal / No Opt-Out: Treat as DNT unset</li> - <li>DNT Signal / No Opt-Out: Treat as DNT: 1</li> + <li>DNT:1 Signal / No Opt-Out: Treat as DNT: 1</li> - <li>Opt-Out / No DNT Signal: Treat as DNT: 1</li> + <li>Opt-Out / No DNT:1 Signal: Treat as DNT: 1</li> <li>Opt-Out / DNT User-Granted Exception: Treat as DNT: 0 for that site; DNT User-Granted Exception is honored</li>
Received on Tuesday, 25 June 2013 22:35:17 UTC