- From: CVS User npdoty <cvsmail@w3.org>
- Date: Wed, 10 Dec 2014 05:41:12 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory gil:/tmp/cvs-serv27198 Modified Files: tracking-compliance.html Log Message: note indications of compliance with DNT:0 and DNT:1 signals separately (per fielding's proposal). Clarify references to the user-granted exceptions API --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/12/02 22:16:36 1.132 +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/12/10 05:41:11 1.133 @@ -276,10 +276,17 @@ The editor's draft URI points to content that will change. Versions of this document that are published as Working Drafts or later maturity levels will use permanent URIs in this section, pointing to content that does not change. </p> <p> - A party to a given user action that is <a>tracking</a> that action MUST indicate so to the user agent. A party that is tracking a user with that user's consent MUST use the corresponding <code>C</code> or <code>P</code> <a class="externalDFN" href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">tracking status values</a>. A party that is tracking a user for reasons allowable under this recommendation (for example, for one of the permitted uses described below) MUST use the <code>T</code> value. A party to a given user action that is not engaged in tracking SHOULD use the <code>N</code> value (a <code>T</code> value is also conformant but not as informative). + When a user sends a <code>DNT:0</code> signal, the user is expressing a preference + to allow tracking. This recommendation places no restrictions on collection or use of data + from network interactions with <code>DNT:0</code> signals. Note, however, that a party might be + limited by its own statements to the user regarding the <code>DNT:0</code> setting. For more information, + see Section <a href="#user-granted-exceptions"></a>. + </p> + <p> + A party to a given user action which receives a <code>DNT:1</code> signal and is <a>tracking</a> that action MUST indicate so to the user agent. A party that is tracking a user with that user's consent to override an expressed <code>DNT:1</code> preference MUST indicate so with the corresponding <code>C</code> or <code>P</code> <a class="externalDFN" href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">tracking status values</a>. A party that is tracking a user for reasons allowable under this recommendation (for example, for one of the permitted uses described below) MUST use the <code>T</code> value. A party to a given user action that is not engaged in tracking SHOULD use the <code>N</code> value (a <code>T</code> value is also conformant but not as informative). </p> <p> - A party to a given user action that disregards a DNT signal MUST indicate so to the user agent, using the response mechanism defined in the [[TRACKING-DNT]] recommendation. The party MUST provide information in its privacy policy listing the specific reasons for not honoring the user's expressed preference. The party's representation MUST be clear and easily discoverable. + A party to a given user action that disregards a <code>DNT:1</code> signal MUST indicate that non-compliance to the user agent, using the response mechanism defined in the [[TRACKING-DNT]] recommendation. The party MUST provide information in its privacy policy listing the specific reasons for not honoring the user's expressed preference. The party's representation MUST be clear and easily discoverable. </p> <p> In the interest of transparency, especially where multiple reasons are listed, a server might use the [[TRACKING-DNT]] <a class="externalDFN" href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.qualifiers">qualifiers</a> or <a class="externalDFN" href="http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.config">config</a> properties to indicate a particular reason for disregarding or steps to address the issue. A user agent can parse this response to communicate the reason to the user or direct the user to the relevant section of a privacy policy. This document does not define specific qualifiers for different reasons servers might have for disregarding signals. @@ -296,7 +303,7 @@ </p> </aside> <p> - A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation. Data about the interaction MAY be shared with service providers acting on behalf of the first party. + A first party to a given user action MUST NOT share data about those network interactions with third parties to that action who are prohibited from collecting data from those network interactions under this recommendation. Data about the interaction MAY be shared with service providers acting on behalf of that party. </p> <p> Compliance rules in this section apply where a party determines that it is a first party to a given user action — either because network resources are intended only for use as a first party to a user action or because the status is dynamically discerned. For cases where a party later determines that data was unknowingly collected as a third party to a user action, see Section <a href="#unknowing-collection"></a>. @@ -508,17 +515,11 @@ <section id="user-granted-exceptions"> <h2>User-Granted Exceptions</h2> <p> - When a user sends a <code>DNT:0</code> signal, the user is expressing a preference - to allow tracking. This recommendation places no restrictions on collection or use of data - from network interactions with <code>DNT:0</code> signals. Note, however, that a party might be - limited by its own statements to the user regarding the <code>DNT:0</code> setting. - </p> - <p> A party MAY engage in practices otherwise proscribed by this recommendation if the user has given explicit and informed consent. - This consent MAY be obtained through the API defined in the + After consent is received, it MAY be subsequently registered through the User-Granted Exceptions API defined in the companion [[!TRACKING-DNT]] document, or a party MAY - obtain <dfn>out of band</dfn> consent to disregard a Do Not Track + obtain and record <dfn>out of band</dfn> consent to disregard a Do Not Track preference using a different technology. If a party is relying on out of band consent to disregard a Do Not Track preference, the party MUST indicate this consent to the user agent as described in
Received on Wednesday, 10 December 2014 05:41:13 UTC