- From: CVS User npdoty <cvsmail@w3.org>
- Date: Wed, 11 Sep 2013 22:05:37 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory gil:/tmp/cvs-serv13206/drafts Modified Files: tracking-compliance.html Log Message: fixing headings, markup, issue pointers; removes SOTD which I'll add to the WD snapshot but doesn't need to persist in the ongoing ED --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2013/09/06 09:45:43 1.100 +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2013/09/11 22:05:37 1.101 @@ -35,19 +35,6 @@ title="custom formatting for TPWG editors"> </head> <body> - <section> - <h2>Status of this Document</h2> - <p>This document is the proposed starting point for a renewed effort to agree on the basic principles of complying with the DNT signals. To kick-off and focus our discussions, this text has proposed initial draft text as one alternative to resolve important issues. At this point in time, the contained text does not constitute consensus and also does not claim to indicate any preferred text of the group. It also does not yet cover all questions/issues that need to be addressed. It may further be augmented by adding non-normative text that provides more information. - </p> -<p> -To work on this outline towards a consensus recommendation, the Chair has proposed a plan that finalises the document by completing three tasks (Note: This is a non-normative version of our plan; the normative version of the plan will be emailed to the list): -<ol> -<li>Collect Issues: We will first ensure that a list of ISSUEs is completed that ensures that all important questions are on our radar.</li> -<li>Texting: We will furthermore ensure that all proposed alternative resolutions to these questions are documented in writing.</li> -<li>Agreeing: We will identify the text alternative that draws the least substantiated objections of the group.</li> -</ol> </p> -</section> - <section id="abstract"> <p> This specification defines the meaning of a Do Not Track (DNT) @@ -61,12 +48,13 @@ <p>Do Not Track is designed to provide users with a simple preference expression mechanism to allow or limit online tracking globally or selectively.</p> <p>The specification applies to compliance with requests through user agents that (1) can access the general browsable Web; (2) have a user interface that satisfies the requirements in <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">Determining User Preference</a> in the [[!TRACKING-DNT]] specification; (3) and can implement all of the [[!TRACKING-DNT]] specification, including the mechanisms for communicating a tracking status, and the user-granted exception mechanism.</p> + <p class="issue" data-number="209" title="Description of scope of specification"></p> </section> <section id="definitions"> <h2>Definitions</h2> - <section id=user> + <section id="user"> <h3>User</h3> <p> A <dfn>user</dfn> is an individual human. When user agent software @@ -75,7 +63,7 @@ the user." </p></section> - <section id=user-agent"> + <section id="user-agent"> <h3>User Agent</h3> <p> The term <dfn>user agent</dfn> refers to any of the @@ -84,7 +72,7 @@ command-line tools, native applications, and mobile apps [[!HTTP11]]. </p></section> - <section id=network-transaction> + <section id="network-transaction"> <h3>Network Transaction</h3> <p> A <dfn>network interaction</dfn> is the set of HTTP requests and @@ -94,7 +82,7 @@ network interaction to commence. </p></section> - <section id=party> + <section id="party"> <h3>Party</h3> <p> A <dfn>party</dfn> is any commercial, nonprofit, or governmental @@ -107,7 +95,7 @@ following a single link, or through a single click. </p></section> - <section id=service-provider> + <section id="service-provider"> <h3>Service Provider</h3> <p id="def-service-providers"> An outsourced <dfn>service provider</dfn> is considered to be the @@ -119,12 +107,14 @@ by that client;</li> <li>has no independent right to use or share the data except as necessary to ensure the integrity, security, and correct operation - of the service being provided; and</li>5~ + of the service being provided; and</li> <li>has a contract in place that outlines and mandates these requirements.</li> - </ol></section> + </ol> + <p class="issue" data-number="206" title="Service Provider name and requirements"></p> + </section> - <section id=first-party> + <section id="first-party"> <h3>First Party</h3> <p> In the context of a specific network interaction, the <dfn>first @@ -157,7 +147,7 @@ <p class="issue" data-number="10" title="What is a first party?"></p> </section> - <section id=third-party> + <section id="third-party"> <h3>Third Party</h3> <p> A <dfn>third party</dfn> is any party other than a first party, @@ -168,7 +158,7 @@ limited to a specific network interaction. </p></section> - <section id=deidentified> + <section id="deidentified"> <h3>Deidentified</h3> <p> Data is <dfn>deidentified</dfn> when a party: @@ -191,13 +181,18 @@ </section> - <section id=tracking> + <section id="tracking"> + <h3>Tracking</h3> <p> <dfn>Tracking</dfn> is the retention or use, after a network interaction is complete, of data records that are, or can be, associated with a specific user, user agent, or device. </p> <p class="issue" data-number="5" title="What is the definition of tracking?"></p> + <p class="issue" data-number="119" title="Specify 'not tracking' or 'None'"></p> + </section> + <section id="collection"> + <h3>Collect, Retain, Use, Share</h3> <p id="def-collection"> A party <dfn>collects</dfn> data if it receives the data and shares the data with other parties or stores the data for more than a @@ -216,13 +211,11 @@ receive or access that data. </p> <p class="issue" data-number="16" title="What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)"></p> - </section></section> <!-- end definitions --> + </section> + </section> <!-- end definitions --> <section id="user-agent-compliance"> <h3>User Agent Compliance</h3> - <p class="issue" data-number="132" title="Should the spec speak to intermediaries or hosting providers to modify any responses/statements about DNT compliance?"></p> - <p class="issue" data-number="151" title="User Agent Requirement: Be able to handle an exception request"></p> - <p class="issue" data-number="172" title="How should user agents be required to provide information about DNT?"></p> - <p class="issue" data-number="194" title="How should we ensure consent of users for DNT inputs?"></p> + <p class="issue" data-number="205" title="user agent compliance requirements; connections to TPE"></p> <p> A user agent MUST offer users a minimum of two alternative choices for a Do Not Track preference: unset or DNT: 1. A user agent MAY offer a third alternative choice: DNT: 0. </p> @@ -278,6 +271,7 @@ </section> <section id="third-party-compliance"> <h3>Third Party Compliance</h3> + <p class="issue" data-number="203" title="Use of 'tracking' in third-party compliance"></p> <p> If a third party receives a DNT: 1 signal, then: </p> @@ -329,10 +323,11 @@ by DNT: 1. </p> <p class="issue" data-number="134" title="Would we additionally permit logs that are retained for a short enough period?"></p> + <p class="issue" data-number="204" title="Definitions of collection / retention and transience / network interaction"></p> <p> It is outside the scope of this specification to control the collection and use of de-identified data. - + </p> <section id="geolocation"> <h3>Third Party Geolocation Compliance</h3> <p> @@ -340,10 +335,9 @@ be used in that interaction at any level more granular than postal code, unless specific consent has been granted for the use of more granular location data. </p> + <p class="issue" data-number="202" title="Limitations on geolocation by third parties"></p> </section> - </p> - <section id="permitted-use-requirements"> <h4>General Principles for Permitted Uses</h4> @@ -369,7 +363,6 @@ <section id="data-minimization-and-transparency"> <h5>Data Minimization, Retention and Transparency</h5> - <p class="issue" data-number="31" title="Minimization -- to what extent will minimization be required for use of a particular exemption?"></p> <p> Data retained by a party for permitted uses MUST be limited to the data reasonably necessary for such permitted uses. Such data @@ -388,6 +381,7 @@ <p> Third parties MUST make reasonable data minimization efforts to ensure that only the data necessary for the permitted use is retained, and MUST NOT rely on unique identifiers for users or devices if alternative solutions are reasonably available. </p> + <p class="issue" data-number="199" title="Limitations on the use of unique identifiers"></p> </section> <section id="no-personalization"> <h5>No Personalization</h5> @@ -413,8 +407,9 @@ <section id="permitted-uses"> <h3>Permitted Uses</h3> + <p class="issue" data-number="211" title="Should we specify retention periods (extended with transparency) for permitted uses?"></p> - <section id=frequency-capping> + <section id="frequency-capping"> <h4>Frequency Capping</h4> <p> Regardless of DNT signal, information MAY be collected, retained and used to limit @@ -424,7 +419,7 @@ on their ad frequency history, or otherwise alter the user’s experience. </p></section> - <section id=financial-logging> + <section id="financial-logging"> <h4>Financial Logging</h4> <p> Regardless of DNT signal, information MAY be collected, retained and used for @@ -434,7 +429,7 @@ and other standards. </p></section> - <section id=security> + <section id="security"> <h4>Security</h4> <p> To the extent proportionate and reasonably necessary for <dfn>detecting security risks and @@ -447,19 +442,22 @@ <p class="issue" data-number="24" title="Possible exemption for fraud detection and defense"></p> </section> - <section id=debugging> + <section id="debugging"> <h4>Debugging</h4> <p> Regardless of DNT signal, information MAY be collected, retained and used for <dfn>debugging purposes</dfn> to identify and repair errors that impair existing intended functionality. </p> - <p class="note"> - Expecting further text on <dfn>audience measurement</dfn>. - </p></section> - <p class="issue" data-number="25" title="How is audience measurement adressed under DNT? (permitted use or otherwise)"></p> + </section> + <section id="audience-measurement"> + <h4>Audience Measurement</h4> + <p class="note"> + Expecting further text on <dfn>audience measurement</dfn>. + </p> + <p class="issue" data-number="25" title="How is audience measurement adressed under DNT? (permitted use or otherwise)"></p> + </section> </section> - </section> <section id="user-granted-exceptions"> <h2>User-Granted Exceptions</h2> @@ -506,12 +504,15 @@ <li>Opt-Out / DNT User-Granted Exception: Treat as DNT: 0 for that site; DNT User-Granted Exception is honored</li> </ol> + <p class="issue" data-number="210" title="Interaction with existing privacy controls"></p> + <p class="issue" data-number="207" title="Conditions for dis-regarding (or not) DNT signals"></p> </section> <section> <h3>Unknowing Collection</h3> <p> If a party learns that it possesses information in violation of this standard, it MUST, where reasonably feasible, delete or de-identify that information at the earliest practical opportunity, even if it was previously unaware of such information practices despite reasonable efforts to understand its information practices. </p> + <p class="issue" data-number="208" title="Requirements on unknowing collection, retention and use"></p> </section> <section id="acknowledgements" class='appendix'> <h1>Acknowledgements</h1>
Received on Wednesday, 11 September 2013 22:05:39 UTC