- From: CVS User npdoty <cvsmail@w3.org>
- Date: Wed, 25 Jun 2014 02:55:33 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory gil:/tmp/cvs-serv2500 Modified Files: tracking-compliance.html Log Message: minimized rather than limited; note to explain applicability of these requirements --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/06/25 02:36:51 1.118 +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html 2014/06/25 02:55:33 1.119 @@ -322,8 +322,7 @@ or other browser-based local storage mechanisms. </p> <section id="permitted-use-requirements"> - <h4>General Principles for Permitted Uses</h4> - + <h4>General Requirements for Permitted Uses</h4> <p> Some collection and use of data by third parties to a given user action is permitted, notwithstanding receipt of <code>DNT:1</code> in a network interaction, as enumerated below. @@ -334,6 +333,9 @@ permitted; unreasonable or disproportionate collection, retention, or use are not “permitted uses”. </p> + <p class="note"> + The requirements in the following sub-sections apply to a party that collects data for a permitted use and that would otherwise be prohibited from collecting, retaining or using that data under the third-party compliance requirements above. Where a first party to a given user action, for example, collects some data for a purpose listed among the permitted uses (e.g. security of network services), these requirements do not apply. + </p> <section id="no-secondary-uses"> <h5>No Secondary Uses</h5> @@ -347,10 +349,11 @@ <section id="data-minimization-and-transparency"> <h5>Data Minimization, Retention and Transparency</h5> <p> - Data collected by a party for permitted uses MUST be limited to + Data collected by a party for permitted uses MUST be minimized to the data reasonably necessary for such permitted uses. Such data - MUST NOT be retained any longer than is proportionate to and - reasonably necessary for such permitted uses. + MUST NOT be retained any longer than is proportionate to, and + reasonably necessary for, such permitted uses. A party MUST NOT rely + on unique identifiers if alternative solutions are reasonably available. </p> <p> A party MUST provide public transparency of the time periods @@ -359,13 +362,9 @@ different permitted uses. Data MUST NOT be used for a permitted use once the data retention period for that permitted use has expired. After there are no remaining permitted uses for given - data, the data MUST be deleted or de-identified. - </p> - <p> - A party that collects data for a permitted use MUST make reasonable data minimization efforts to ensure that only the data necessary for the permitted use is retained, and MUST NOT rely on unique identifiers if alternative solutions are reasonably available. + data, the data MUST be deleted or <a>deidentified</a>. </p> <p class="issue" data-number="199" title="Limitations on the use of unique identifiers"></p> - <p class="issue" data-number="233" title="Data Minimization, Retention and Transparency">Should we use "minimized" rather than "limited" in this section?</p> </section> <section id="no-personalization"> <h5>No Personalization</h5>
Received on Wednesday, 25 June 2014 02:55:36 UTC