W3C home > Mailing lists > Public > public-tracking-commit@w3.org > December 2014

CVS WWW/2011/tracking-protection/drafts

From: CVS User rfieldin <cvsmail@w3.org>
Date: Fri, 05 Dec 2014 19:18:49 +0000
Message-Id: <E1XwyOv-0005vI-9z@gil.w3.org>
To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv22768

Modified Files:
	tracking-dnt.html 
Log Message:
tracking-ISSUE-262: clarify the requirements on a gateway (instead of the origin server) and be consistent when referring to DNT:1

--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2014/12/05 00:53:00	1.274
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2014/12/05 19:18:49	1.275
@@ -319,7 +319,7 @@
         preference expression in a request forwarded through that intermediary
         unless the intermediary has been specifically installed or configured
         to do so by the user making the request. For example, an Internet
-        Service Provider MUST NOT inject <code>DNT:1</code> on behalf of all
+        Service Provider MUST NOT inject <code><a>DNT:1</a></code> on behalf of all
         users who have not expressed a preference.
       </p>
       <p>
@@ -437,14 +437,14 @@
           A user agent MUST generate a <a>DNT</a> header field with a
           field-value that begins with the numeric character "1" if the
           user's tracking preference is <a>enabled</a>, their preference is
-          for <code>DNT:1</code>, and no exception has been granted for the
+          for <code><a>DNT:1</a></code>, and no exception has been granted for the
           request target (see <a href="#exceptions" class="sectionRef"></a>).
         </p>
         <p>
           A user agent MUST generate a <a>DNT</a> header field with a
           field-value that begins with the numeric character "0" if the
           user's tracking preference is <a>enabled</a> and their preference is
-          for <code>DNT:0</code>, or if an exception has been granted for the
+          for <code><a>DNT:0</a></code>, or if an exception has been granted for the
           request target.
         </p>
         <p>
@@ -624,7 +624,8 @@
             is acting as a gateway to an exchange involving multiple parties.
             This might occur if a response to the <a>designated resource</a>
             involves an automated selection process, such as dynamic bidding,
-            that determines which party is able to collect tracking data.
+            where the party that is selected determines how the request data
+            will be treated with respect to an expressed tracking preference.
             Similar to the <code>?</code> value, the <code>G</code> TSV
             indicates that the actual tracking status is dynamic and will be
             provided in the response message's <a>Tk</a> header field,
@@ -635,32 +636,43 @@
             An origin server MUST NOT send <code>G</code> as the
             tracking status value in a <a>Tk</a> header field or within the
             representation of a request-specific tracking status resource.
-            An origin server MUST NOT send <code>G</code> as the tracking
+          </p>
+          <p>
+            A gateway MUST NOT send <code>G</code> as the tracking
             status value if it knows in advance that all of the potential
             recipients have agreed on a single tracking status value of
-            <code>N</code> (not tracking); in this case, the origin server
+            <code>N</code> (not tracking); in this case, the gateway
             MUST respond with <code>N</code> instead of <code>G</code>.
           </p>
           <p>
+            A gateway MUST NOT send <code>G</code> as the tracking
+            status value unless it has reason to believe that recipients
+            other than the selected party will not retain tracking data after
+            the selection has been made when the expressed tracking preference
+            is <code><a>DNT:1</a></code>; if non-selected recipients retain
+            tracking data under <code><a>DNT:1</a></code>, the gateway
+            MUST respond with <code>T</code> instead of <code>G</code>.
+          </p>
+          <p>
             If <code>G</code> is present in the site-wide tracking status:
             <ul>
-              <li>the origin server MUST meet the requirements of a
+              <li>the gateway MUST meet the requirements of a
                 service provider for each of the parties to which it
                 provides request data;</li>
-              <li>the origin server MUST send a link within its site-wide
+              <li>the gateway MUST send a link within its site-wide
                 tracking status representation to a privacy policy that
-                explains what limitations (if any) are placed on parties that
+                explains what limitations are placed on parties that
                 might receive data via that gateway;</li>
-              <li>the origin server MUST forward any expressed tracking
+              <li>the gateway MUST forward any expressed tracking
                 preference in the request to each party that receives data
-                from that request;</li>
-              <li>the origin server MUST send a <a>Tk</a> header field in
+                from that request; and,</li>
+              <li>the gateway MUST send a <a>Tk</a> header field in
                 responses to requests on the designated resource and include
                 within that field's value a <code><a>status-id</a></code>
                 specific to the selected party, such that information about
                 the selected party can be obtained via the request-specific
                 tracking status resource (see
-                <a href="#request-specific-status-resource" class="sectionRef"></a>).</li>
+                <a href="#request-specific-status-resource" class="sectionRef"></a>).
             </ul>
           </p>
         </section>
@@ -709,9 +721,9 @@
             A tracking status value of <dfn>P</dfn> means that the origin
             server does not know, in real-time, whether it has received prior
             consent for tracking this user, user agent, or device, but
-            promises not to use or share any <code>DNT:1</code> data until
+            promises not to use or share any <code><a>DNT:1</a></code> data until
             such consent has been determined, and further promises to delete
-            or de-identify within forty-eight hours any <code>DNT:1</code>
+            or de-identify within forty-eight hours any <code><a>DNT:1</a></code>
             data received for which such consent has not been received.
           </p>
           <p>
@@ -1328,7 +1340,7 @@
       <section id='response-error'>
         <h3>Status Code for Tracking Required</h3>
         <p>
-          If an origin server receives a request with <code>DNT:1</code>,
+          If an origin server receives a request with <code><a>DNT:1</a></code>,
           does not have out-of-band consent for tracking this user, and
           wishes to deny access to the requested resource until the user
           provides some form of user-granted exception or consent for tracking,
@@ -1595,8 +1607,8 @@
             <li>While the user is browsing a given site (top-level origin),
               and a DNT header is to be sent to a target domain, if the duplet
               [top-level origin, target domain] matches any duplet in the
-              database, then a DNT:0 header is sent, otherwise the header (if one
-              is needed) corresponding to the user’s general preference is sent.</li>
+              database, then a <code><a>DNT:0</a></code> preference is sent,
+              otherwise the user’s general preference is sent (if any).</li>
           </ul>
           <p>A pair of duplets [A,B] and [X,Y] match if A matches X and B matches Y. 
             A pair of values A and X match if and only if one of the following 
@@ -1965,14 +1977,14 @@
 			will use some other third parties.</p>
 
 		<p>If a user agent sends a tracking exception to a given combination of origin 
-			server and a named third party, the user agent will send DNT:0 to that named 
-			third party. By receiving the DNT:0 header, the named third party acquires 
+			server and a named third party, the user agent will send <code><a>DNT:0</a></code> to that named 
+			third party. By receiving the <code><a>DNT:0</a></code> preference, the named third party acquires 
 			the permission to track the user agent and collect the data and process it 
 			in any way allowed by the legal system it is operating in.</p>
 		
-		<p>Furthermore, the named third party receiving the DNT:0 header acquires at 
+		<p>Furthermore, the named third party receiving the <code><a>DNT:0</a></code> header acquires at 
 			least the right to collect data and process it for the given interaction and 
-			any other use unless it receives a DNT:1 header from that particular 
+			any other use unless it receives a <code><a>DNT:1</a></code> from that particular 
 			identified user agent.</p>
 		
 		<p>The named third party is also allowed to transmit the collected data for 
@@ -1981,19 +1993,19 @@
 			The tracking permission request triggered 
 			by the origin server is thus granted to the named third party and its 
 			sub-services. This is even true for sub-services that would normally receive a 
-			DNT:1 web-wide preference from the user agent if the user agent  
+			<code><a>DNT:1</a></code> web-wide preference from the user agent if the user agent  
 			interacted with this service directly.</p>
 		
 		<p>For advertisement networks this typically would mean that the collection and 
 			auction system chain can use the data for that interaction and combine it 
 			with existing profiles and data.  The sub-services to the named third party 
 			do not acquire an independent right to process the data for independent 
-			secondary uses unless they, themselves, receive a DNT:0 
-			header from the user agent (as a result of their own request or the request of 
+			secondary uses unless they, themselves, receive a <code><a>DNT:0</a></code> 
+			preference from the user agent (as a result of their own request or the request of 
 			a first-party). In our example of advertisement networks that 
 			means the sub-services can use existing profiles in combination with the 
 			data received, but they can not store the received information into a 
-			profile until they have received a DNT:0 of their own. </p>
+			profile until they have received a <code><a>DNT:0</a></code> of their own. </p>
 		
 		<p>A named third party 
 			acquiring an exception with this mechanism MUST make sure that sub-services 
@@ -2104,9 +2116,10 @@
           test for the existence of
           <code>storeSiteSpecificTrackingException</code> before calling
           the method. If an exception is granted and the
-          user agent stores that preference, a user agent may send a DNT:0
-          header field even if a tracking preference isn't expressed for other
-          requests. Persisted preferences MAY also affect which header is
+          user agent stores that preference, a user agent may send the
+          <code><a>DNT:0</a></code> tracking preference even if it has not
+          enabled preferences to be sent for other
+          requests. Persisted preferences MAY affect which preference is
           transmitted if a user later chooses to express a tracking
           preference.
         </p>
Received on Friday, 5 December 2014 19:18:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:48:57 UTC