CVS WWW/2011/tracking-protection/drafts

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/var/tmp/cvs-serv40943

Added Files:
	tracking-compliance-cr-prep.html 
Log Message:
CR pre-publication test for Compliance


--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-cr-prep.html	2016/03/06 21:32:39	NONE
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-cr-prep.html	2016/03/06 21:32:39	1.1
<!DOCTYPE html>

<html lang="en" dir="ltr">
<head>
  <title>Tracking Compliance and Scope</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <script src="http://www.w3.org/Tools/respec/respec-w3c-common" class="remove"
  async="">
</script>
  <script class="remove">
var respecConfig = {
      specStatus:          "CR",
      shortName:           "tracking-compliance",
      previousMaturity:    "LCWD",
      previousPublishDate: "2014-07-15",
      crEnd: "2016-06-15",
      implementationReportURI: "https://www.w3.org/wiki/Privacy/TPWG/TCS_Implementation_Report",
      edDraftURI:  "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html", 
      editors:  [
        { name: "Nick Doty", url: "https://npdoty.name" },
        { name: "Heather West",
          company: "Google", companyURL: "http://google.com/",
          note: "until 2014" }, 
        { name: "Justin Brookman",
          company: "CDT", companyURL: "http://cdt.org/",
          note: "until September 2013" }, 
        { name: "Sean Harvey",
          company: "Google", companyURL: "http://google.com/",
          note: "until June 2012" }, 
        { name: "Erica Newland",
          company: "CDT", companyURL: "http://cdt.org/",
          note: "until May 2012" },
      ],
      wg:      "Tracking Protection Working Group",
      wgURI:   "http://www.w3.org/2011/tracking-protection/",
      wgPublicList: "public-tracking-comments",
      wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
      issueBase:   "http://www.w3.org/2011/tracking-protection/track/issues/",
      processVersion: 2005,
      localBiblio: {
        "TPE": {
          "authors": ["Roy T. Fielding","David Singer"],
          "status" : "CR",
          "href"   : "http://www.w3.org/TR/tracking-dnt/",
          "title"  : "Tracking Preference Expression (DNT)",
          "date"   : "20 August 2015",
          "publisher" : "W3C"
        }
      }
    }
  </script>
  <style>
table.simple {
    width: 40%;
    margin: 0 auto;
  }
  </style>
</head>

<body>
  <section id="abstract">
    <p>This specification defines a set of practices for compliance with a
    user's Do Not Track (DNT) tracking preference to which a server may claim
    adherence.</p>
  </section>

  <section id="sotd">
    <p><strong>This document is a pre-publication test only, not a published Candidate Recommendation.</strong></p>
    
    <p>
      Readers may review <a href="http://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2F2015%2FWD-tracking-compliance-20150714%2F&doc2=https%3A%2F%2Fwww.w3.org%2F2011%2Ftracking-protection%2Fdrafts%2Ftracking-compliance.html">changes from the Last Call Working Draft</a>. Some changes were purely editorial (correcting or clarifying lists). Two Note blocks were added to clarify the definition of "party" and to provide relevant resources for legal compliance. The permanent URI to this version will be updated in Section 3.1 for publication as a Candidate Recommendation.
    </p>

    <p>
      An
      <a href="http://www.w3.org/2011/tracking-protection/track/issues/">issue tracking system</a>
      is available for recording
      <a href="http://www.w3.org/2011/tracking-protection/track/issues/raised">raised</a>,
      <a href="http://www.w3.org/2011/tracking-protection/track/issues/open">open</a>,
      <a href="http://www.w3.org/2011/tracking-protection/track/issues/pendingreview">pending review</a>,
      <a href="http://www.w3.org/2011/tracking-protection/track/issues/closed">closed</a>, and
      <a href="http://www.w3.org/2011/tracking-protection/track/issues/postponed">postponed</a>
      issues regarding this document. There is also a list of
      <a href="http://www.w3.org/2011/tracking-protection/track/products/8">issues
      reported and addressed during the Last Call period</a>.
    </p>
    <p>
      The Working Group previously
    published a Candidate Recommendation of the companion <a href=
    "http://www.w3.org/TR/tracking-dnt/">Tracking Preference Expression (DNT)</a>
    document.</p>
  </section>

  <section id="scope-and-goals">
    <h2>Scope</h2>

    <p>Do Not Track is designed to provide users with a simple mechanism to
    express a preference to allow or limit online <a>tracking</a>. Complying
    with the user's preference as described in this document includes limits on
    the collection, retention and use of data collected as a <a>third party</a>
    to <a data-lt="user action">user actions</a> and the sharing of data not
    <a>permanently de-identified</a>.</p>

    <p>This specification is intended for compliance with expressed user
    preferences via <a data-lt="user agent">user agents</a> that (1) can access
    the general browsable Web; (2) have a user interface that satisfies the
    requirements in <a href=
    "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">
    Determining User Preference</a> in the [[!TPE]] specification; and, (3) can
    implement all of the [[!TPE]] specification, including the mechanisms for
    communicating a tracking status, and the user-granted exception
    mechanism.</p>

    <p>It is outside the scope of this specification to control short-term,
    transient collection and use of data, so long as the data is not shared
    with a third party and is not used to build a profile about a user or
    otherwise alter an individual user’s experience outside the current network
    interaction. For example, the contextual customization of ads shown as part
    of the same network interaction is not restricted by a <code>DNT:1</code>
    signal.</p>
  </section>

  <section id="definitions">
    <h2>Definitions</h2>

    <section id="user">
      <h3>User</h3>

      <p>A <dfn>user</dfn> is a natural person who is making, or has made, use
      of the Web.</p>
    </section>

    <section id="user-agent">
      <h3>User Agent</h3>

      <p>The term <dfn>user agent</dfn> refers to any of the various client
      programs capable of initiating HTTP requests, including but not limited
      to browsers, spiders (web-based robots), command-line tools, native
      applications, and mobile apps [[!RFC7230]].</p>
    </section>

    <section id="network-interaction">
      <h3>Network Interaction</h3>

      <p>A <dfn>network interaction</dfn> is a single HTTP request and its
      corresponding response(s): zero or more interim (1xx) responses and a
      single final (2xx-5xx) response.</p>
    </section>

    <section id="user-action">
      <h3>User Action</h3>

      <p>A <dfn>user action</dfn> is a deliberate action by the user, via
      configuration, invocation, or selection, to initiate a network
      interaction. Selection of a link, submission of a form, and reloading a
      page are examples of user actions.</p>
    </section>

    <section id="party">
      <h3>Party</h3>

      <p>A <dfn>party</dfn> is a natural person, a legal entity, or a set of
      legal entities that share common owner(s), common controller(s), and a
      group identity that is easily discoverable by a user. Common branding or
      providing a list of affiliates that is available via a link from a
      resource where a party describes DNT practices are examples of ways to
      provide this discoverability.</p>

      <p class="note">When data pertaining to a <a>user action</a> is collected
      as a result of one or more network interactions, a party acts in one of
      roles defined below, i.e. as a <a>first party</a> or as a <a>third
      party</a> to a given user action. These terms are not meant to denote the
      business practices of a party as a whole, but rather to describe a
      party's role in a particular network interaction.</p>
    </section>

    <section id="service-provider">
      <h3>Service Provider</h3>

      <p>Access to Web resources often involves multiple parties that might
      process the data received in a network interaction. For example, domain
      name services, network access points, content distribution networks, load
      balancing services, security filters, cloud platforms, and
      software-as-a-service providers might be a party to a given network
      interaction because they are contracted by either the user or the
      resource owner to provide the mechanisms for communication. Likewise,
      additional parties might be engaged after a network interaction, such as
      when services or contractors are used to perform specialized data
      analysis or records retention.</p>

      <p>For the data received in a given network interaction, a <dfn>service
      provider</dfn> is considered to be the same party as its
      <dfn>contractee</dfn> if the service provider:</p>

      <ol>
        <li>processes the data on behalf of the contractee;</li>

        <li>ensures that the data is only retained, accessed, and used as
        directed by the contractee;</li>

        <li>has no independent right to use the data other than in a
        <a>permanently de-identified</a> form (e.g., for monitoring service
        integrity, load balancing, capacity planning, or billing); and,
        </li>

        <li>has a contract in place with the contractee which is consistent
        with the above limitations.</li>
      </ol>
    </section>

    <section id="first-party">
      <h3>First Party</h3>

      <p>With respect to a given user action, a <dfn>first party</dfn> is a
      party with which the user intends to interact, via one or more network
      interactions, as a result of making that action. Merely hovering over,
      muting, pausing, or closing a given piece of content does not constitute
      a user's intent to interact with another party.</p>

      <p>In some cases, a resource on the Web will be jointly controlled by two
      or more distinct parties. Each of those parties is considered a first
      party to a given user action if a user would reasonably expect to
      communicate with all of them when accessing that resource. For example,
      prominent co-branding on the resource might lead a user to expect that
      multiple parties are responsible for the content or functionality.</p>

      <p>Network interactions related to a given user action may not constitute
      intentional interaction when, for example, the user is unaware or only
      transiently informed of redirection or framed content.</p>
    </section>

    <section id="third-party">
      <h3>Third Party</h3>

      <p>For any data collected as a result of one or more network interactions
      resulting from a user's action, a <dfn>third party</dfn> is any party
      other than that user, a first party for that user action, or a service
      provider acting on behalf of either that user or that first party.</p>
    </section>

    <section id="deidentified">
      <h3>De-identification</h3>

      <p>Data is <dfn>permanently de-identified</dfn> when there exists a high
      level of confidence that no human subject of the data can be identified,
      directly or indirectly (e.g., via association with an identifier, user
      agent, or device), by that data alone or in combination with other
      retained or available information.</p>

      <section id="deidentified-considerations" class="informative">
        <h4>De-identification Considerations</h4>

        <p>In this specification the term <a>permanently de-identified</a> is
        used for data that has passed out of the scope of this specification
        and can not, and will never, come back into scope. The organization
        that performs the de-identification needs to be confident that the data
        can never again identify the human subjects whose activity contributed
        to the data. That confidence may result from ensuring or demonstrating
        that it is no longer possible to:</p>

        <ul>
          <li>isolate some or all records which correspond to a device or
          user;</li>

          <li>link two or more records (either from the same database or
          different databases), concerning the same device or user; or</li>

          <li>deduce, with significant probability, information about a device
          or user.</li>
        </ul>

        <p>Regardless of the de-identification approach, unique keys can be
        used to correlate records within the de-identified dataset, provided
        the keys do not exist and cannot be derived outside the de-identified
        dataset and have no meaning outside the de-identified dataset (i.e. no
        mapping table can exist that links the original identifiers to the keys
        in the de-identified dataset).</p>

        <p>In the case of records in such data that relate to a single user or
        a small number of users, usage and/or distribution restrictions are
        advisable; experience has shown that such records can, in fact,
        sometimes be used to identify the user or users despite technical
        measures taken to prevent re-identification. It is also a good practice
        to disclose (e.g. in the privacy policy) the process by which
        de-identification of these records is done, as this can both raise the
        level of confidence in the process, and allow for feedback on the
        process. The restrictions might include, for example:</p>

        <ul>
          <li>technical safeguards that prohibit re-identification of
          de-identified data;</li>

          <li>business processes that specifically prohibit re-identification
          of de-identified data;</li>

          <li>business processes that prevent inadvertent release of
          de-identified data;</li>

          <li>administrative controls that limit access to de-identified
          data.</li>
        </ul>

        <p>Geolocation data (of a certain precision or over a period of time)
        may itself identify otherwise de-identified data.</p>
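        <p>As an added illustration (not part of this specification) of the two points above, the following Python sketch replaces user identifiers with random surrogate keys that correlate records only inside the output dataset, discards the id-to-key table before returning, coarsens geolocation, and flags records whose location bucket is shared by fewer than <code>k</code> distinct keys. The sample records, the rounding precision and the threshold <code>k</code> are constructed assumptions.</p>

```python
import secrets
from collections import defaultdict

# Constructed sample input (not from the specification): raw records keyed by a
# persistent user identifier, with geolocation at roughly street precision.
RAW_RECORDS = [
    {"user_id": "u-1001", "page": "/home", "lat": 48.8584, "lon": 2.2945},
    {"user_id": "u-1001", "page": "/cart", "lat": 48.8590, "lon": 2.2950},
    {"user_id": "u-3003", "page": "/home", "lat": 48.8700, "lon": 2.3200},
    {"user_id": "u-2002", "page": "/home", "lat": 51.5007, "lon": -0.1246},
]

def coarsen(coord, digits=1):
    """Round a coordinate to about 10 km (an assumed precision) so that the
    location trail alone is less likely to single out one person."""
    return round(coord, digits)

def deidentify(records, k=2):
    """Return (dataset, restricted_keys).

    Each user id is replaced by a random surrogate key that is consistent
    within this dataset (records stay correlatable), but the id->key table
    exists only in this function's local scope and is discarded on return:
    no mapping table survives and the keys cannot be derived from the ids.
    A keyed hash such as HMAC(secret, user_id) would NOT satisfy that,
    because whoever holds the secret can recompute the key from an id.

    restricted_keys holds surrogate keys whose coarsened location is shared
    by fewer than k distinct keys; those records concern one or few users
    and should carry the usage/distribution restrictions described above.
    """
    table = {}
    dataset = []
    for r in records:
        key = table.setdefault(r["user_id"], secrets.token_hex(8))
        dataset.append({"key": key, "page": r["page"],
                        "lat": coarsen(r["lat"]), "lon": coarsen(r["lon"])})
    keys_per_bucket = defaultdict(set)
    for row in dataset:
        keys_per_bucket[(row["lat"], row["lon"])].add(row["key"])
    restricted = {key for keys in keys_per_bucket.values()
                  if len(keys) < k for key in keys}
    return dataset, restricted

def leaks_identifier(dataset, records):
    """Release sanity check: True if any original user id still appears
    as a value in the de-identified output."""
    ids = {r["user_id"] for r in records}
    return any(v in ids for row in dataset
               for v in row.values() if isinstance(v, str))
```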
      </section>
    </section>

    <section id="tracking">
      <h3>Tracking</h3>

      <p><dfn>Tracking</dfn> is the collection of data regarding a particular
      user's activity across multiple distinct contexts and the retention, use,
      or sharing of data derived from that activity outside the context in
      which it occurred. A <dfn>context</dfn> is a set of resources that are
      controlled by the same party or jointly controlled by a set of
      parties.</p>
    </section>

    <section id="collection">
      <h3>Collect, Use, Share</h3>

      <p>A party <dfn>collects</dfn> data received in a network interaction if
      that data remains within the party’s control after the network
      interaction is complete.</p>

      <p>A party <dfn>uses</dfn> data if the party processes the data for any
      purpose other than storage or merely forwarding it to another party.</p>

      <p>A party <dfn>shares</dfn> data if it transfers or provides a copy of
      data to any other party.</p>
    </section>
  </section><!-- end definitions -->

  <section id="server-compliance">
    <h2>Server Compliance</h2>

    <section id="indicating-compliance">
      <h3>Indicating Compliance and Non-Compliance</h3>

      <p>In order to indicate a party's compliance with a user's expressed
      tracking preference as described in this specification for a given
      resource, an origin server:</p>

      <ol start="1">
        <li>MUST conform to the origin server requirements of [[!TPE]];</li>

        <li>MUST send a tracking status value other than <code>!</code> (under
        construction) or <code>D</code> (disregarding) for that resource;
        and</li>

        <li>MUST send, in a tracking status representation applicable to that
        resource, a compliance property that contains a reference to the
        following URI:

          <blockquote>
            <code>TBD</code>
          </blockquote>
        </li>
      </ol>

      <p class="note">When the CR is published, there will be a permanent URI in this section, pointing
      to content that does not change.</p>

      <p>When a user sends a <code>DNT:0</code> signal, the user is expressing
      a preference to allow tracking. This specification places no restrictions
      on collection or use of data from network interactions with
      <code>DNT:0</code> signals. Note, however, that a party might be limited
      by its own statements to the user regarding the <code>DNT:0</code>
      setting. For more information, see Section <a href=
      "#user-granted-exceptions"></a>.</p>

      <p>A party to a given user action which receives a <code>DNT:1</code>
      signal and is <a>tracking</a> that action MUST indicate so to the user
      agent. A party that is tracking a user with that user's consent to
      override an expressed <code>DNT:1</code> preference MUST indicate so with
      the corresponding <code>C</code> or <code>P</code> <a class="externalDFN"
      href=
      "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">
      tracking status values</a>. A party that is tracking a user for reasons
      allowable under this specification (for example, for one of the permitted
      uses described below) MUST use the <code>T</code> value. A party to a
      given user action that is not engaged in tracking SHOULD use the
      <code>N</code> value (a <code>T</code> value is also conformant but not
      as informative).</p>

      <p>A party to a given user action that disregards a <code>DNT:1</code>
      signal MUST indicate that non-compliance to the user agent, using the
      response mechanism defined in the [[!TPE]] specification. The party MUST
      provide information in its privacy policy listing the specific reasons
      for not honoring the user's expressed preference. The party's
      representation MUST be clear and easily discoverable.</p>
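      <p>The following Python sketch is an added example, not code from this specification or the Working Group: it picks the tracking status value according to the rules in this section, builds the tracking status representation with a <code>compliance</code> array (member names and the <code>Tk</code> header field come from [[!TPE]]), and lists the reasons a response could not claim compliance. The compliance URI is still <code>TBD</code> above, so the value used here is a placeholder; choosing <code>C</code> over <code>P</code> for consent and the sample qualifier string are assumptions.</p>

```python
import json

# Placeholder: the compliance URI is "TBD" in this draft.
COMPLIANCE_URI = "https://example.invalid/tracking-compliance-URI-TBD"

def tracking_status_value(dnt, tracking, consent=False, disregard=False):
    """Choose the tracking status value (TSV) a party sends for a resource.

    dnt: "1", "0" or None (no signal).  tracking: the party is tracking this
    user action.  consent: a user-granted exception overrides DNT:1 (the
    text allows C or P; C is used here, an assumption).  disregard: the
    party does not honor the DNT:1 signal.
    """
    if dnt == "1" and disregard:
        return "D"          # non-compliance MUST be signalled, never hidden
    if dnt == "1" and tracking and consent:
        return "C"
    if tracking:
        return "T"          # permitted use, or DNT:0 / no signal
    return "N"              # not tracking (T would also be conformant)

def tracking_status_resource(tsv, qualifiers=None):
    """Return (Tk header value, JSON body of the tracking status resource).
    Only the tracking, compliance and qualifiers members are populated."""
    body = {"tracking": tsv, "compliance": [COMPLIANCE_URI]}
    if qualifiers:
        body["qualifiers"] = qualifiers
    return tsv, json.dumps(body)

def compliance_problems(tk_header, body_json):
    """List why a response cannot claim compliance with this specification;
    an empty list means the MUST requirements of this section are met.
    The Tk/body agreement check is an added sanity check (assumption)."""
    problems = []
    body = json.loads(body_json)
    tsv = body.get("tracking")
    if tsv in ("!", "D"):
        problems.append(f"status value {tsv!r} cannot claim compliance")
    # Tk field-value is the TSV, optionally followed by ";" and a status-id.
    if tk_header.split(";", 1)[0].strip() != tsv:
        problems.append("Tk header disagrees with tracking status representation")
    if COMPLIANCE_URI not in body.get("compliance", []):
        problems.append("compliance property does not reference the compliance URI")
    return problems
```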

      <p>In the interest of transparency, especially where multiple reasons are
      listed, a server might use the [[!TPE]] <a class="externalDFN" href=
      "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.qualifiers">
      qualifiers</a> or <a class="externalDFN" href=
      "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.config">
      config</a> properties to indicate a particular reason for disregarding or
      steps to address the issue. A user agent can parse this response to
      communicate the reason to the user or direct the user to the relevant
      section of a privacy policy. This document does not define specific
      qualifiers for different reasons servers might have for disregarding

[428 lines skipped]

Received on Sunday, 6 March 2016 21:32:42 UTC