- From: CVS User npdoty <cvsmail@w3.org>
- Date: Tue, 26 May 2015 19:43:18 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/var/tmp/cvs-serv10843
Added Files:
tracking-compliance-lc.html
Log Message:
pre-publication review
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-lc.html 2015/05/26 19:43:18 NONE
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-lc.html 2015/05/26 19:43:18 1.1
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<title>Tracking Compliance and Scope</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script src="http://www.w3.org/Tools/respec/respec-w3c-common" class="remove"
async="">
</script>
<script class="remove">
var respecConfig = {
specStatus: "LC",
shortName: "tracking-compliance",
previousMaturity: "WD",
previousVerison: "http://www.w3.org/TR/2015/WD-tracking-compliance-20150331/",
previousPublishDate: "2015-03-31",
edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html",
editors: [
{ name: "Nick Doty", url: "https://npdoty.name",
company: "W3C", companyURL: "http://w3.org"},
{ name: "Heather West",
company: "Google", companyURL: "http://google.com/",
note: "until 2014" },
{ name: "Justin Brookman",
company: "CDT", companyURL: "http://cdt.org/",
note: "until September 2013" },
{ name: "Sean Harvey",
company: "Google", companyURL: "http://google.com/",
note: "until June 2012" },
{ name: "Erica Newland",
company: "CDT", companyURL: "http://cdt.org/",
note: "until May 2012" },
],
wg: "Tracking Protection Working Group",
wgURI: "http://www.w3.org/2011/tracking-protection/",
wgPublicList: "public-tracking",
wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
issueBase: "http://www.w3.org/2011/tracking-protection/track/issues/",
processVersion: 2005,
localBiblio: {
"TPE": {
"authors": ["Roy T. Fielding","David Singer"],
"status" : "LCWD",
"href" : "http://www.w3.org/TR/tracking-dnt/",
// "status" : "ED",
// "href" : "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html",
"title" : "Tracking Preference Expression (DNT)",
"date" : "24 April 2014",
"publisher" : "W3C"
}
}
}
</script>
<style>
table.simple {
width: 40%;
margin: 0 auto;
}
</style>
</head>
<body>
<section id="abstract">
<p>This specification defines a set of practices for compliance with a
user's Do Not Track (DNT) tracking preference to which a server may claim
adherence.</p>
</section>
<section id="sotd">
<p><b>This document is a TEST for pre-publication review. Do not cite.</b></p>
</section>
<section id="scope-and-goals">
<h2>Scope</h2>
<p>Do Not Track is designed to provide users with a simple mechanism to
express a preference to allow or limit online <a>tracking</a>. Complying
with the user's preference as described in this document includes limits on
the collection, retention and use of data collected as a <a>third party</a>
to <a title="user action">user actions</a> and the sharing of data not
<a>permanently de-identified</a>.</p>
<p>This specification is intended for compliance with expressed user
preferences via <a title="user agent">user agents</a> that (1) can access
the general browsable Web; (2) have a user interface that satisfies the
requirements in <a href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">
Determining User Preference</a> in the [[!TPE]] specification; and, (3)
can implement all of the [[!TPE]] specification, including the
mechanisms for communicating a tracking status, and the user-granted
exception mechanism.</p>
<p>It is outside the scope of this specification to control short-term,
transient collection and use of data, so long as the data is not shared
with a third party and is not used to build a profile about a user or
otherwise alter an individual user’s experience outside the current
network interaction. For example, the contextual customization of ads shown
as part of the same network interaction is not restricted by a
<code>DNT:1</code> signal.</p>
</section>
<section id="definitions">
<h2>Definitions</h2>
<section id="user">
<h3>User</h3>
<p>A <dfn>user</dfn> is a natural person who is making, or has made, use of the Web.</p>
</section>
<section id="user-agent">
<h3>User Agent</h3>
<p>The term <dfn>user agent</dfn> refers to any of the various client
programs capable of initiating HTTP requests, including but not limited
to browsers, spiders (web-based robots), command-line tools, native
applications, and mobile apps [[!RFC7230]].</p>
</section>
<section id="network-interaction">
<h3>Network Interaction</h3>
<p>A <dfn>network interaction</dfn> is a single HTTP request and its
corresponding response(s): zero or more interim (1xx) responses and a
single final (2xx-5xx) response.</p>
</section>
<section id="user-action">
<h3>User Action</h3>
<p>A <dfn>user action</dfn> is a deliberate action by the user, via
configuration, invocation, or selection, to initiate a network
interaction. Selection of a link, submission of a form, and reloading a
page are examples of user actions.</p>
</section>
<section id="party">
<h3>Party</h3>
<p>A <dfn>party</dfn> is a natural person, a legal entity, or a set of
legal entities that share common owner(s), common controller(s), and a
group identity that is easily discoverable by a user. Common branding or
providing a list of affiliates that is available via a link from a
resource where a party describes DNT practices are examples of ways to
provide this discoverability.</p>
</section>
<section id="service-provider">
<h3>Service Provider</h3>
<p>Access to Web resources often involves multiple parties that might
process the data received in a network interaction. For example, domain
name services, network access points, content distribution networks, load
balancing services, security filters, cloud platforms, and
software-as-a-service providers might be a party to a given network
interaction because they are contracted by either the user or the
resource owner to provide the mechanisms for communication. Likewise,
additional parties might be engaged after a network interaction, such as
when services or contractors are used to perform specialized data
analysis or records retention.</p>
<p>For the data received in a given network interaction, a <dfn>service
provider</dfn> is considered to be the same party as its
<dfn>contractee</dfn> if the service provider:</p>
<ol>
<li>processes the data on behalf of the contractee;</li>
<li>ensures that the data is only retained, accessed, and used as
directed by the contractee;</li>
<li>has no independent right to use the data other than in a
<a>permanently de-identified</a> form (e.g., for monitoring service
integrity, load balancing, capacity planning, or billing); and,
</li>
<li>has a contract in place with the contractee which is consistent
with the above limitations.</li>
</ol>
</section>
<section id="first-party">
<h3>First Party</h3>
<p>With respect to a given user action, a <dfn>first party</dfn> is a
party with which the user intends to interact, via one or more network
interactions, as a result of making that action. Merely hovering over,
muting, pausing, or closing a given piece of content does not constitute
a user's intent to interact with another party.</p>
<p>In some cases, a resource on the Web will be jointly controlled by two
or more distinct parties. Each of those parties is considered a first
party to a given user action if a user would reasonably expect to
communicate with all of them when accessing that resource. For example,
prominent co-branding on the resource might lead a user to expect that
multiple parties are responsible for the content or functionality.</p>
<p>Network interactions related to a given user action
may not constitute intentional interaction when, for example, the user is
unaware or only transiently informed of redirection or framed
content.</p>
</section>
<section id="third-party">
<h3>Third Party</h3>
<p>For any data collected as a result of one or more network interactions
resulting from a user's action, a <dfn>third party</dfn> is any party
other than that user, a first party for that user action, or a service
provider acting on behalf of either that user or that first party.</p>
</section>
<section id="deidentified">
<h3>De-identification</h3>
<p>Data is <dfn>permanently de-identified</dfn> when there exists a high
level of confidence that no human subject of the data can be identified,
directly or indirectly (e.g., via association with an identifier, user
agent, or device), by that data alone or in combination with other
retained or available information.</p>
<section id="deidentified-considerations" class="informative">
<h4>De-identification Considerations</h4>
<p>In this specification the term <a>permanently de-identified</a> is
used for data that has passed out of the scope of this specification
and can not, and will never, come back into scope. The organization
that performs the de-identification needs to be confident that the data
can never again identify the human subjects whose activity contributed
to the data. That confidence may result from ensuring or demonstrating
that it is no longer possible to:</p>
<ul>
<li>isolate some or all records which correspond to a device or
user;</li>
<li>link two or more records (either from the same database or
different databases), concerning the same device or user;</li>
<li>deduce, with significant probability, information about a device
or user.</li>
</ul>
<p>Regardless of the de-identification approach, unique keys can be used
to correlate records within the de-identified dataset, provided the keys
do not exist and cannot be derived outside the de-identified dataset and
have no meaning outside the de-identified dataset (i.e. no mapping table
can exist that links the original identifiers to the keys in the
de-identified dataset).</p>
<p>In the case of records in such data that relate to a single user or
a small number of users, usage and/or distribution restrictions are
advisable; experience has shown that such records can, in fact,
sometimes be used to identify the user or users despite technical
measures taken to prevent re-identification. It is also a good practice
to disclose (e.g. in the privacy policy) the process by which
de-identification of these records is done, as this can both raise the
level of confidence in the process, and allow for for feedback on the
process. The restrictions might include, for example:</p>
<ul>
<li>technical safeguards that prohibit re-identification of
de-identified data;</li>
<li>business processes that specifically prohibit re-identification of
de-identified data;</li>
<li>business processes that prevent inadvertent release of de-identified data;</li>
<li>administrative controls that limit access to de-identified data.</li>
</ul>
<p>Geolocation data (of a certain precision or over a period of time)
may itself identify otherwise de-identified data.</p>
</section>
</section>
<section id="tracking">
<h3>Tracking</h3>
<p><dfn>Tracking</dfn> is the collection of data regarding a particular
user's activity across multiple distinct contexts and the retention, use,
or sharing of data derived from that activity outside the context in
which it occurred. A <dfn>context</dfn> is a set of resources that are
controlled by the same party or jointly controlled by a set of
parties.</p>
</section>
<section id="collection">
<h3>Collect, Use, Share</h3>
<p>A party <dfn>collects</dfn> data received in a network interaction if
that data remains within the party’s control after the network
interaction is complete.</p>
<p>A party <dfn>uses</dfn> data if the party processes the data for any
purpose other than storage or merely forwarding it to another party.</p>
<p>A party <dfn>shares</dfn> data if it transfers or provides a copy of
data to any other party.</p>
</section>
</section><!-- end definitions -->
<section id="server-compliance">
<h3>Server Compliance</h3>
<section id="indicating-compliance">
<h3>Indicating Compliance and Non-Compliance</h3>
<p>In order to indicate a party's compliance with a user's expressed
tracking preference as described in this specification for a given
resource, an origin server:</p>
<ol start="1">
<li>MUST conform to the origin server requirements of [[!TPE]];</li>
<li>MUST send a tracking status value other than <code>!</code> (under
construction) or <code>D</code> (disregarding) for that resource; and
</li>
<li>MUST send, in a tracking status representation applicable to that
resource, a compliance property that contains a reference to the
following URI:
<blockquote>
<code>http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html</code>
</blockquote>
</li>
</ol>
<p class="note">The editor's draft URI points to content that will
change. Versions of this document that are published as Working Drafts or
later maturity levels will use permanent URIs in this section, pointing
to content that does not change.</p>
<p>When a user sends a <code>DNT:0</code> signal, the user is expressing
a preference to allow tracking. This specification places no
restrictions on collection or use of data from network interactions with
<code>DNT:0</code> signals. Note, however, that a party might be limited
by its own statements to the user regarding the <code>DNT:0</code>
setting. For more information, see Section <a href=
"#user-granted-exceptions"></a>.</p>
<p>A party to a given user action which receives a <code>DNT:1</code>
signal and is <a>tracking</a> that action MUST indicate so to the user
agent. A party that is tracking a user with that user's consent to
override an expressed <code>DNT:1</code> preference MUST indicate so with
the corresponding <code>C</code> or <code>P</code> <a class="externalDFN"
href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">
tracking status values</a>. A party that is tracking a user for reasons
allowable under this specification (for example, for one of the
permitted uses described below) MUST use the <code>T</code> value. A
party to a given user action that is not engaged in tracking SHOULD use
the <code>N</code> value (a <code>T</code> value is also conformant but
not as informative).</p>
<p>A party to a given user action that disregards a <code>DNT:1</code>
signal MUST indicate that non-compliance to the user agent, using the
response mechanism defined in the [[!TPE]] specification. The
party MUST provide information in its privacy policy listing the specific
reasons for not honoring the user's expressed preference. The party's
representation MUST be clear and easily discoverable.</p>
<p>In the interest of transparency, especially where multiple reasons are
listed, a server might use the [[!TPE]] <a class="externalDFN"
href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.qualifiers">
qualifiers</a> or <a class="externalDFN" href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.config">
config</a> properties to indicate a particular reason for disregarding or
steps to address the issue. A user agent can parse this response to
communicate the reason to the user or direct the user to the relevant
section of a privacy policy. This document does not define specific
qualifiers for different reasons servers might have for disregarding
signals.</p>
</section>
<section id="first-party-compliance">
<h3>First Party Compliance</h3>
<p>With respect to a given user action, a first party to that action
which receives a <code>DNT:1</code> signal MAY collect, retain and use
data received from those network interactions. This includes customizing
content, services and advertising with respect to those user actions.</p>
<aside class="example">
<p>A site that collects and uses data about users only when those users
visit the site itself can comply with the a user's expressed DNT
preference without changing the site's practices of data collection and
use. Such a site can create a static site-wide tracking status resource
with a tracking status value of <code>N</code>.</p>
</aside>
<p>A first party to a given user action MUST NOT share data about those
network interactions with third parties to that action who are prohibited
from collecting data from those network interactions under this
specification. Data about the interaction MAY be shared with service
providers acting on behalf of that first party.</p>
<p>Compliance rules in this section apply where a party determines that
it is a first party to a given user action — either because network
resources are intended only for use as a first party to a user action or
because the status is dynamically discerned. For cases where a party
[372 lines skipped]
Received on Tuesday, 26 May 2015 19:43:20 UTC