CVS WWW/2011/tracking-protection/drafts

• From: CVS User npdoty <cvsmail@w3.org>
• Date: Wed, 25 Jun 2014 02:36:52 +0000
• To: public-tracking-commit@w3.org
• Message-Id: <E1Wzd4u-0000MP-0R@gil.w3.org>

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv1385

Modified Files:
	tracking-compliance.html 
Log Message:
update service provider text (issue-206; action-452)

--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html	2014/06/15 00:55:45	1.117
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html	2014/06/25 02:36:51	1.118
@@ -137,21 +137,18 @@
       
       <section id="service-provider">
       <h3>Service Provider</h3>
-  		<p id="def-service-providers">
-        An outsourced <dfn>service provider</dfn> is considered to be the
-         same party as its client if the service provider:
-			</p>
-			<ol> 
-				<li>acts only as a data processor on behalf of the client;</li>
-				<li>ensures that the data can only be accessed and used as directed
-         by that client;</li>
-				<li>has no independent right to use or share the data except as
-         necessary to ensure the integrity, security, and correct operation
-         of the service being provided; and</li>
-				<li>has a contract in place that outlines and mandates these
-         requirements.</li>
+      <p>
+        Access to Web resources often involves multiple parties that might process the data received in a network interaction. For example, domain name services, network access points, content distribution networks, load balancing services, security filters, cloud platforms, and software-as-a-service providers might be a party to a given network interaction because they are contracted by either the user or the resource owner to provide the mechanisms for communication. Likewise, additional parties might be engaged after a network interaction, such as when services or contractors are used to perform specialized data analysis or records retention.
+      </p>
+      <p>
+        For the data received in a given network interaction, a <dfn>service provider</dfn> is considered to be the same party as its <dfn>contractee</dfn> if the service provider:
+      </p>
+      <ol>
+        <li>processes the data on behalf of the contractee;</li>
+        <li>ensures that the data is only retained, accessed, and used as directed by the contractee;</li>
+        <li>has no independent right to use the data other than in a <a>deidentified</a> form (e.g., for monitoring service integrity, load balancing, capacity planning, or billing); and,</li>
+        <li>has a contract in place with the contractee which is consistent with the above limitations.</li>
       </ol>
-      <p class="issue" data-number="206" title="Service Provider name and requirements"></p>
       </section>
       
       <section id="first-party">

Received on Wednesday, 25 June 2014 02:36:53 UTC