CVS WWW/2011/tracking-protection/drafts

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/var/tmp/cvs-serv45080

Modified Files:
	tracking-compliance.html 
Log Message:
editorial changes as discussed on March 24th

--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html	2015/03/23 00:57:27	1.142
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html	2015/03/30 07:01:37	1.143
@@ -58,7 +58,7 @@
 
 <body>
   <section id="abstract">
-    <p>This recommendation defines a set of practices for compliance with a
+    <p>This specification defines a set of practices for compliance with a
     user's Do Not Track (DNT) tracking preference to which a server may claim
     adherence.</p>
   </section>
@@ -85,9 +85,9 @@
     with the user's preference as described in this document includes limits on
     the collection, retention and use of data collected as a <a>third party</a>
     to <a title="user action">user actions</a> and the sharing of data not 
-    <a>permanently deidentified</a>.</p>
+    <a>permanently de-identified</a>.</p>
 
-    <p>This recommendation is intended for compliance with expressed user
+    <p>This specification is intended for compliance with expressed user
     preferences via <a title="user agent">user agents</a> that (1) can access
     the general browsable Web; (2) have a user interface that satisfies the
     requirements in <a href=
@@ -96,6 +96,18 @@
     can implement all of the [[!TRACKING-DNT]] specification, including the
     mechanisms for communicating a tracking status, and the user-granted
     exception mechanism.</p>
+    
+    <p>It is outside the scope of this specification to control short-term,
+    transient collection and use of data, so long as the data is not shared
+    with a third party and is not used to build a profile about a user or
+    otherwise alter an individual user’s experience outside the current
+    network interaction. For example, the contextual customization of ads shown
+    as part of the same network interaction is not restricted by a
+    <code>DNT:1</code> signal.</p>
+
+    <p class="issue" data-number="134" title=
+    "Would we additionally permit logs that are retained for a short enough period?">
+    </p>
 
     <p class="issue" data-number="209" title=
     "Description of scope of specification"></p>
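Review bot: the relocated paragraph writes "user’s experience" with a typographic apostrophe, while the abstract in this same file uses the plain form in "user's Do Not Track (DNT) tracking preference"; pick one form for the document. The added blank line ahead of the paragraph also consists of four trailing spaces and should be an empty line. The move itself is otherwise verbatim apart from dropping the doubled "user" in "user’s user experience", which is worth stating in the log message, since a scope exclusion is changing sections.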
@@ -123,7 +135,7 @@
       proposal to move a sentence about user agents from the Introduction/Scope
       section to this section. We might also include a reference here to the
       conformance requirements on user agents in the companion TPE
-      recommendation.</p>
+      specification.</p>
     </section>
 
     <section id="network-interaction">
@@ -179,7 +191,7 @@
         directed by the contractee;</li>
 
         <li>has no independent right to use the data other than in a
-        <a>permanently deidentified</a> form (e.g., for monitoring service
+        <a>permanently de-identified</a> form (e.g., for monitoring service
         integrity, load balancing, capacity planning, or billing); and,
         </li>
 
@@ -220,21 +232,21 @@
     </section>
 
     <section id="deidentified">
-      <h3>Deidentification</h3>
+      <h3>De-identification</h3>
 
-      <p>Data is <dfn>permanently deidentified</dfn> when there exists a high
+      <p>Data is <dfn>permanently de-identified</dfn> when there exists a high
       level of confidence that no human subject of the data can be identified,
       directly or indirectly (e.g., via association with an identifier, user
       agent, or device), by that data alone or in combination with other
       retained or available information.</p>
 
       <section id="deidentified-considerations" class="informative">
-        <h4>Deidentification Considerations</h4>
+        <h4>De-identification Considerations</h4>
 
-        <p>In this specification the term <a>permanently deidentified</a> is
+        <p>In this specification the term <a>permanently de-identified</a> is
         used for data that has passed out of the scope of this specification
         and can not, and will never, come back into scope. The organization
-        that performs the deidentification needs to be confident that the data
+        that performs the de-identification needs to be confident that the data
         can never again identify the human subjects whose activity contributed
         to the data. That confidence may result from ensuring or demonstrating
         that it is no longer possible to:</p>
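Review bot: the heading and the dfn now read "De-identification" and "permanently de-identified", but the enclosing section ids stay as "deidentified" and "deidentified-considerations". If that is deliberate, to keep existing fragment links working, say so in the log message. Because the dfn text is what the bare <a>permanently de-identified</a> references resolve against, please also confirm that no reference outside the lines shown here still uses the old spelling. The unchanged "can not" in the same paragraph could become "cannot" while this text is being edited.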
@@ -250,41 +262,41 @@
           or user.</li>
         </ul>
 
-        <p>Regardless of the deidentification approach, unique keys can be used
-        to correlate records within the deidentified dataset, provided the keys
-        do not exist and cannot be derived outside the deidentified dataset and
-        have no meaning outside the deidentified dataset (i.e. no mapping table
+        <p>Regardless of the de-identification approach, unique keys can be used
+        to correlate records within the de-identified dataset, provided the keys
+        do not exist and cannot be derived outside the de-identified dataset and
+        have no meaning outside the de-identified dataset (i.e. no mapping table
         can exist that links the original identifiers to the keys in the
-        deidentified dataset).</p>
+        de-identified dataset).</p>
 
         <p>In the case of records in such data that relate to a single user or
         a small number of users, usage and/or distribution restrictions are
         advisable; experience has shown that such records can, in fact,
         sometimes be used to identify the user or users despite technical
-        measures taken to prevent reidentification. It is also a good practice
+        measures taken to prevent re-identification. It is also a good practice
         to disclose (e.g. in the privacy policy) the process by which
-        deidentification of these records is done, as this can both raise the
+        de-identification of these records is done, as this can both raise the
         level of confidence in the process, and allow for for feedback on the
         process. The restrictions might include, for example:</p>
 
         <ul>
-          <li>technical safeguards that prohibit reidentification of
-          deidentified data and/or merging of the original tracking data and
-          deidentified data;</li>
-
-          <li>business processes that specifically prohibit reidentification of
-          deidentified data and/or merging of the original tracking data and
-          deidentified data;</li>
+          <li>technical safeguards that prohibit re-identification of
+          de-identified data and/or merging of the original tracking data and
+          de-identified data;</li>
+
+          <li>business processes that specifically prohibit re-identification of
+          de-identified data and/or merging of the original tracking data and
+          de-identified data;</li>
 
           <li>business processes that prevent inadvertent release of either the
-          original tracking data or deidentified data;</li>
+          original tracking data or de-identified data;</li>
 
           <li>administrative controls that limit access to both the original
-          tracking data and deidentified data.</li>
+          tracking data and de-identified data.</li>
         </ul>
 
         <p>Geolocation data (of a certain precision or over a period of time)
-        may itself identify otherwise deidentified data.</p>
+        may itself identify otherwise de-identified data.</p>
       </section>
     </section>
 
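Review bot: the paragraph on disclosing the de-identification process still contains the doubled word in "allow for for feedback on the process", on the line directly after one this hunk rewrites. Since this is an editorial pass over that sentence, fix it here. The first two list items also differ only in "technical safeguards" versus "business processes that specifically" and could share one wording for the prohibited actions.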
@@ -319,28 +331,16 @@
 
   <section id="server-compliance">
     <h3>Server Compliance</h3>
-
-    <p>It is outside the scope of this specification to control short-term,
-    transient collection and use of data, so long as the data is not shared
-    with a third party and is not used to build a profile about a user or
-    otherwise alter an individual user’s user experience outside the current
-    network interaction. For example, the contextual customization of ads shown
-    as part of the same network interaction is not restricted by a
-    <code>DNT:1</code> signal.</p>
-
-    <p class="issue" data-number="134" title=
-    "Would we additionally permit logs that are retained for a short enough period?">
-    </p>
-
+    
     <section id="indicating-compliance">
       <h3>Indicating Compliance and Non-Compliance</h3>
 
       <p>In order to communicate compliance with a user's expressed tracking
-      preference as described in this recommendation, a party MUST indicate
+      preference as described in this specification, a party MUST indicate
       compliance using the tracking status resource defined in the
-      [[TRACKING-DNT]] recommendation. A party MUST use the following URI (in
+      [[TRACKING-DNT]] specification. A party MUST use the following URI (in
       the <code>compliance</code> property array) to indicate compliance with
-      this version of the recommendation:</p>
+      this version of the specification:</p>
 
       <blockquote>
         <code>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html</code>
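Review bot: the sentence "a party MUST indicate compliance using the tracking status resource defined in the [[TRACKING-DNT]] specification" cites the companion document without the "!" that the scope section uses ("[[!TRACKING-DNT]]"). A MUST that depends on the tracking status resource needs the normative form of the reference, so use "[[!TRACKING-DNT]]" on the line being changed. The line that replaces the removed paragraph is also four spaces of trailing whitespace rather than an empty line.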
@@ -352,7 +352,7 @@
       to content that does not change.</p>
 
       <p>When a user sends a <code>DNT:0</code> signal, the user is expressing
-      a preference to allow tracking. This recommendation places no
+      a preference to allow tracking. This specification places no
       restrictions on collection or use of data from network interactions with
       <code>DNT:0</code> signals. Note, however, that a party might be limited
       by its own statements to the user regarding the <code>DNT:0</code>
@@ -367,7 +367,7 @@
       href=
       "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">
       tracking status values</a>. A party that is tracking a user for reasons
-      allowable under this recommendation (for example, for one of the
+      allowable under this specification (for example, for one of the
       permitted uses described below) MUST use the <code>T</code> value. A
       party to a given user action that is not engaged in tracking SHOULD use
       the <code>N</code> value (a <code>T</code> value is also conformant but
@@ -375,7 +375,7 @@
 
       <p>A party to a given user action that disregards a <code>DNT:1</code>
       signal MUST indicate that non-compliance to the user agent, using the
-      response mechanism defined in the [[TRACKING-DNT]] recommendation. The
+      response mechanism defined in the [[TRACKING-DNT]] specification. The
       party MUST provide information in its privacy policy listing the specific
       reasons for not honoring the user's expressed preference. The party's
       representation MUST be clear and easily discoverable.</p>
@@ -413,7 +413,7 @@
       <p>A first party to a given user action MUST NOT share data about those
       network interactions with third parties to that action who are prohibited
       from collecting data from those network interactions under this
-      recommendation. Data about the interaction MAY be shared with service
+      specification. Data about the interaction MAY be shared with service
       providers acting on behalf of that first party.</p>
 
       <p>Compliance rules in this section apply where a party determines that
@@ -424,7 +424,7 @@
       a user action, see Section <a href="#unknowing-collection"></a>.</p>
 
       <p>A first party to a given user action MAY elect to follow the rules
-      defined under this recommendation for third parties.</p>
+      defined under this specification for third parties.</p>
 
       <p class="note">Given WG decision on ISSUE-241, how should a first party
       to an action indicate to the user that it is electing to follow
@@ -439,21 +439,9 @@
       "Use of 'tracking' in third-party compliance"></p>
 
       <p>When a third party to a given user action receives a
-      <code>DNT:1</code> signal in a related network interaction:</p>
-
-      <ol start="1">
-        <li>that party MUST NOT collect, share, or use <a>tracking data</a>
-        related to that interaction;
-        </li>
-
-        <li>that party MUST NOT use data about network interactions with that
-        user in a different <a>context</a>.
-        </li>
-      </ol>
-
-      <p>A third party to a given user action MAY nevertheless collect and use
-      such data when:</p>
-
+      <code>DNT:1</code> signal in a related network interaction, that party
+      MAY collect and use data about those network interactions when:</p>
+      
       <ol start="1">
         <li>a user has explicitly granted consent, as described
         below (Section <a href=
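Review bot: the new lead-in "that party MAY collect and use data about those network interactions when:" is not an editorial rewording of the removed "MAY nevertheless collect and use such data when:". The old "such data" pointed back at the two prohibitions that preceded it (tracking data related to the interaction, and data used in a different context), whereas the new phrase names all data about the network interactions. If the scope is meant to be unchanged, keep a phrase that is tied to the prohibitions; if it is meant to change, the log message should not describe the commit as editorial.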
@@ -463,17 +451,30 @@
         below (Section <a href=
       "#permitted-uses"></a>);</li>
 
-        <li>or, the data is <a>permanently deidentified</a> as defined in this
+        <li>or, the data is <a>permanently de-identified</a> as defined in this
         specification.
         </li>
       </ol>
+      
+      <p>Other than under those enumerated conditions, that party:</p>
+      
+      <ol start="1">
+        <li>MUST NOT collect, share, or use <a>tracking data</a>
+        related to that interaction;
+        </li>
+
+        <li>MUST NOT use data about network interactions with that
+        user in a different <a>context</a>.
+        </li>
+      </ol>
+
 
       <aside class="example">
         <p>An embedded widget provider (a third party to users' interactions
         with various sites) counts visitors' country of origin and device type
         but removes identifiers in order to <a title=
-        "permanently deidentified">permanently deidentify</a> collected data.
-        For the purposes of this recommendation, the party is not
+        "permanently de-identified">permanently de-identify</a> collected data.
+        For the purposes of this specification, the party is not
         <a>tracking</a> the user and can create a static site-wide tracking
         status resource with a tracking status value of <code>N</code> to
         indicate that status.</p>
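Review bot: after the reordering, "Other than under those enumerated conditions, that party: MUST NOT collect, share, or use tracking data" reads as permitting sharing whenever one of the conditions holds, while the permission above it only grants "collect and use". State explicitly whether sharing is allowed under the enumerated conditions, so that the MAY and the MUST NOT cover the same set of actions. The hunk also adds two whitespace-only lines around the new paragraph and leaves two consecutive blank lines before the example aside.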
@@ -530,7 +531,7 @@
           Data MUST NOT be used for a permitted use once the data retention
           period for that permitted use has expired. After there are no
           remaining permitted uses for given data, the data MUST be deleted or
-          <a>permanently deidentified</a>.</p>
+          <a>permanently de-identified</a>.</p>
 
           <p class="issue" data-number="199" title=
           "Limitations on the use of unique identifiers"></p>
@@ -581,7 +582,7 @@
           current network interaction and concurrent transactions. This may
           include counting ad impressions to unique visitors, verifying
           positioning and quality of ad impressions and auditing compliance
-          with this and other standards.</p>
+          with this specification and other standards.</p>
         </section>
 
         <section id="security">
@@ -597,7 +598,7 @@
 
           <p>When feasible, a graduated response to a detected security
           incident is preferred over widespread data collection. In this
-          recommendation, a <dfn>graduated response</dfn> is a data
+          specification, a <dfn>graduated response</dfn> is a data
           minimization methodology where actions taken are proportional to the
           problem or risk being mitigated.</p>
 
@@ -708,7 +709,7 @@
     <h2>Consent</h2>
 
     <p>A party MAY engage in practices otherwise proscribed by this
-    recommendation when the user has given explicit and informed consent. After
+    specification when the user has given explicit and informed consent. After
     consent is received, it might be subsequently registered through the
     User-Granted Exceptions API defined in the companion [[!TRACKING-DNT]]
     document or recorded <dfn>out of band</dfn> using a different technology. 
@@ -725,7 +726,7 @@
       consent cookie is recognized and a <code>DNT: 1</code> header is present,
       the site responds with a <code>Tk</code> response header of
       <code>C</code>, to indicate that consent to the user.</p>
-    </aside>
+    </aside>    
   </section>
 
   <section id="interactions">
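Review bot: the only change in this hunk is four trailing spaces appended after "</aside>"; drop it so the commit does not carry a whitespace-only modification. The unchanged example text above writes the header as "DNT: 1" with a space, while the rest of the document uses "DNT:1"; that would be worth normalising in the same editorial pass.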
@@ -748,7 +749,7 @@
     <h3>Unknowing Collection</h3>
 
     <p>If a party learns that it possesses data in violation of this
-    recommendation, it MUST, where reasonably feasible, delete or de-identify
+    specification, it MUST, where reasonably feasible, delete or de-identify
     that data at the earliest practical opportunity, even if it was previously
     unaware of such information practices despite reasonable efforts to
     understand its information practices.</p>
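Review bot: "delete or de-identify that data" uses the bare verb without a link, while the data retention text in this same commit says data "MUST be deleted or <a>permanently de-identified</a>". Since this commit normalises the defined term everywhere else, link this occurrence to the definition as well, or state that a weaker standard is intended here.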
@@ -757,7 +758,7 @@
   <section>
     <h3>Legal Compliance</h3>
 
-    <p>Notwithstanding anything in this recommendation, a party MAY collect,
+    <p>Notwithstanding anything in this specification, a party MAY collect,
     use, and share data required to comply with applicable laws, regulations,
     and judicial processes.</p>
   </section>

Received on Monday, 30 March 2015 07:01:39 UTC