- From: CVS User npdoty <cvsmail@w3.org>
- Date: Sun, 06 Mar 2016 21:32:39 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/var/tmp/cvs-serv40943
Added Files:
tracking-compliance-cr-prep.html
Log Message:
CR pre-publication test for Compliance
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-cr-prep.html 2016/03/06 21:32:39 NONE
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance-cr-prep.html 2016/03/06 21:32:39 1.1
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<title>Tracking Compliance and Scope</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script src="http://www.w3.org/Tools/respec/respec-w3c-common" class="remove"
async="">
</script>
<script class="remove">
var respecConfig = {
specStatus: "CR",
shortName: "tracking-compliance",
previousMaturity: "LCWD",
previousPublishDate: "2014-07-15",
crEnd: "2016-06-15",
implementationReportURI: "https://www.w3.org/wiki/Privacy/TPWG/TCS_Implementation_Report",
edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html",
editors: [
{ name: "Nick Doty", url: "https://npdoty.name" },
{ name: "Heather West",
company: "Google", companyURL: "http://google.com/",
note: "until 2014" },
{ name: "Justin Brookman",
company: "CDT", companyURL: "http://cdt.org/",
note: "until September 2013" },
{ name: "Sean Harvey",
company: "Google", companyURL: "http://google.com/",
note: "until June 2012" },
{ name: "Erica Newland",
company: "CDT", companyURL: "http://cdt.org/",
note: "until May 2012" },
],
wg: "Tracking Protection Working Group",
wgURI: "http://www.w3.org/2011/tracking-protection/",
wgPublicList: "public-tracking-comments",
wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
issueBase: "http://www.w3.org/2011/tracking-protection/track/issues/",
processVersion: 2005,
localBiblio: {
"TPE": {
"authors": ["Roy T. Fielding","David Singer"],
"status" : "CR",
"href" : "http://www.w3.org/TR/tracking-dnt/",
"title" : "Tracking Preference Expression (DNT)",
"date" : "20 August 2015",
"publisher" : "W3C"
}
}
}
</script>
<style>
table.simple {
width: 40%;
margin: 0 auto;
}
</style>
</head>
<body>
<section id="abstract">
<p>This specification defines a set of practices for compliance with a
user's Do Not Track (DNT) tracking preference to which a server may claim
adherence.</p>
</section>
<section id="sotd">
<p><strong>This document is a pre-publication test only, not a published Candidate Recommendation.</strong></p>
<p>
Readers may review <a href="http://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2F2015%2FWD-tracking-compliance-20150714%2F&doc2=https%3A%2F%2Fwww.w3.org%2F2011%2Ftracking-protection%2Fdrafts%2Ftracking-compliance.html">changes from the Last Call Working Draft</a>. Some changes were purely editorial (correcting or clarifying lists). Two Note blocks were added to clarify the definition of "party" and to provide relevant resources for legal compliance. The permanent URI to this version will be updated in Section 3.1 for publication as a Candidate Recommendation.
An
<a href="http://www.w3.org/2011/tracking-protection/track/issues/">issue tracking system</a>
is available for recording
<a href="http://www.w3.org/2011/tracking-protection/track/issues/raised">raised</a>,
<a href="http://www.w3.org/2011/tracking-protection/track/issues/open">open</a>,
<a href="http://www.w3.org/2011/tracking-protection/track/issues/pendingreview">pending review</a>,
<a href="http://www.w3.org/2011/tracking-protection/track/issues/closed">closed</a>, and
<a href="http://www.w3.org/2011/tracking-protection/track/issues/postponed">postponed</a>
issues regarding this document. There is also a list of
<a href="http://www.w3.org/2011/tracking-protection/track/products/8">issues
reported and addressed during the Last Call period</a>.
</p>
<p>
The Working Group previously
published a Candidate Recommendation of the companion <a href=
"http://www.w3.org/TR/tracking-dnt/">Tracking Preference Expression (DNT)</a>
document.</p>
</section>
<section id="scope-and-goals">
<h2>Scope</h2>
<p>Do Not Track is designed to provide users with a simple mechanism to
express a preference to allow or limit online <a>tracking</a>. Complying
with the user's preference as described in this document includes limits on
the collection, retention and use of data collected as a <a>third party</a>
to <a data-lt="user action">user actions</a> and the sharing of data not
<a>permanently de-identified</a>.</p>
<p>This specification is intended for compliance with expressed user
preferences via <a data-lt="user agent">user agents</a> that (1) can access
the general browsable Web; (2) have a user interface that satisfies the
requirements in <a href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining">
Determining User Preference</a> in the [[!TPE]] specification; and, (3) can
implement all of the [[!TPE]] specification, including the mechanisms for
communicating a tracking status, and the user-granted exception
mechanism.</p>
<p>It is outside the scope of this specification to control short-term,
transient collection and use of data, so long as the data is not shared
with a third party and is not used to build a profile about a user or
otherwise alter an individual user’s experience outside the current network
interaction. For example, the contextual customization of ads shown as part
of the same network interaction is not restricted by a <code>DNT:1</code>
signal.</p>
</section>
<section id="definitions">
<h2>Definitions</h2>
<section id="user">
<h3>User</h3>
<p>A <dfn>user</dfn> is a natural person who is making, or has made, use
of the Web.</p>
</section>
<section id="user-agent">
<h3>User Agent</h3>
<p>The term <dfn>user agent</dfn> refers to any of the various client
programs capable of initiating HTTP requests, including but not limited
to browsers, spiders (web-based robots), command-line tools, native
applications, and mobile apps [[!RFC7230]].</p>
</section>
<section id="network-interaction">
<h3>Network Interaction</h3>
<p>A <dfn>network interaction</dfn> is a single HTTP request and its
corresponding response(s): zero or more interim (1xx) responses and a
single final (2xx-5xx) response.</p>
</section>
<section id="user-action">
<h3>User Action</h3>
<p>A <dfn>user action</dfn> is a deliberate action by the user, via
configuration, invocation, or selection, to initiate a network
interaction. Selection of a link, submission of a form, and reloading a
page are examples of user actions.</p>
</section>
<section id="party">
<h3>Party</h3>
<p>A <dfn>party</dfn> is a natural person, a legal entity, or a set of
legal entities that share common owner(s), common controller(s), and a
group identity that is easily discoverable by a user. Common branding or
providing a list of affiliates that is available via a link from a
resource where a party describes DNT practices are examples of ways to
provide this discoverability.</p>
<p class="note">When data pertaining to a <a>user action</a> is collected
as a result of one or more network interactions, a party acts in one of
roles defined below, i.e. as a <a>first party</a> or as a <a>third
party</a> to a given user action. These terms are not meant to denote the
business practices of a party as a whole, but rather to describe a
party's role in a particular network interaction.</p>
</section>
<section id="service-provider">
<h3>Service Provider</h3>
<p>Access to Web resources often involves multiple parties that might
process the data received in a network interaction. For example, domain
name services, network access points, content distribution networks, load
balancing services, security filters, cloud platforms, and
software-as-a-service providers might be a party to a given network
interaction because they are contracted by either the user or the
resource owner to provide the mechanisms for communication. Likewise,
additional parties might be engaged after a network interaction, such as
when services or contractors are used to perform specialized data
analysis or records retention.</p>
<p>For the data received in a given network interaction, a <dfn>service
provider</dfn> is considered to be the same party as its
<dfn>contractee</dfn> if the service provider:</p>
<ol>
<li>processes the data on behalf of the contractee;</li>
<li>ensures that the data is only retained, accessed, and used as
directed by the contractee;</li>
<li>has no independent right to use the data other than in a
<a>permanently de-identified</a> form (e.g., for monitoring service
integrity, load balancing, capacity planning, or billing); and,
</li>
<li>has a contract in place with the contractee which is consistent
with the above limitations.</li>
</ol>
</section>
<section id="first-party">
<h3>First Party</h3>
<p>With respect to a given user action, a <dfn>first party</dfn> is a
party with which the user intends to interact, via one or more network
interactions, as a result of making that action. Merely hovering over,
muting, pausing, or closing a given piece of content does not constitute
a user's intent to interact with another party.</p>
<p>In some cases, a resource on the Web will be jointly controlled by two
or more distinct parties. Each of those parties is considered a first
party to a given user action if a user would reasonably expect to
communicate with all of them when accessing that resource. For example,
prominent co-branding on the resource might lead a user to expect that
multiple parties are responsible for the content or functionality.</p>
<p>Network interactions related to a given user action may not constitute
intentional interaction when, for example, the user is unaware or only
transiently informed of redirection or framed content.</p>
</section>
<section id="third-party">
<h3>Third Party</h3>
<p>For any data collected as a result of one or more network interactions
resulting from a user's action, a <dfn>third party</dfn> is any party
other than that user, a first party for that user action, or a service
provider acting on behalf of either that user or that first party.</p>
</section>
<section id="deidentified">
<h3>De-identification</h3>
<p>Data is <dfn>permanently de-identified</dfn> when there exists a high
level of confidence that no human subject of the data can be identified,
directly or indirectly (e.g., via association with an identifier, user
agent, or device), by that data alone or in combination with other
retained or available information.</p>
<section id="deidentified-considerations" class="informative">
<h4>De-identification Considerations</h4>
<p>In this specification the term <a>permanently de-identified</a> is
used for data that has passed out of the scope of this specification
and can not, and will never, come back into scope. The organization
that performs the de-identification needs to be confident that the data
can never again identify the human subjects whose activity contributed
to the data. That confidence may result from ensuring or demonstrating
that it is no longer possible to:</p>
<ul>
<li>isolate some or all records which correspond to a device or
user;</li>
<li>link two or more records (either from the same database or
different databases), concerning the same device or user; or</li>
<li>deduce, with significant probability, information about a device
or user.</li>
</ul>
<p>Regardless of the de-identification approach, unique keys can be
used to correlate records within the de-identified dataset, provided
the keys do not exist and cannot be derived outside the de-identified
dataset and have no meaning outside the de-identified dataset (i.e. no
mapping table can exist that links the original identifiers to the keys
in the de-identified dataset).</p>
<p>In the case of records in such data that relate to a single user or
a small number of users, usage and/or distribution restrictions are
advisable; experience has shown that such records can, in fact,
sometimes be used to identify the user or users despite technical
measures taken to prevent re-identification. It is also a good practice
to disclose (e.g. in the privacy policy) the process by which
de-identification of these records is done, as this can both raise the
level of confidence in the process, and allow for for feedback on the
process. The restrictions might include, for example:</p>
<ul>
<li>technical safeguards that prohibit re-identification of
de-identified data;</li>
<li>business processes that specifically prohibit re-identification
of de-identified data;</li>
<li>business processes that prevent inadvertent release of
de-identified data;</li>
<li>administrative controls that limit access to de-identified
data.</li>
</ul>
<p>Geolocation data (of a certain precision or over a period of time)
may itself identify otherwise de-identified data.</p>
</section>
</section>
<section id="tracking">
<h3>Tracking</h3>
<p><dfn>Tracking</dfn> is the collection of data regarding a particular
user's activity across multiple distinct contexts and the retention, use,
or sharing of data derived from that activity outside the context in
which it occurred. A <dfn>context</dfn> is a set of resources that are
controlled by the same party or jointly controlled by a set of
parties.</p>
</section>
<section id="collection">
<h3>Collect, Use, Share</h3>
<p>A party <dfn>collects</dfn> data received in a network interaction if
that data remains within the party’s control after the network
interaction is complete.</p>
<p>A party <dfn>uses</dfn> data if the party processes the data for any
purpose other than storage or merely forwarding it to another party.</p>
<p>A party <dfn>shares</dfn> data if it transfers or provides a copy of
data to any other party.</p>
</section>
</section><!-- end definitions -->
<section id="server-compliance">
<h3>Server Compliance</h3>
<section id="indicating-compliance">
<h3>Indicating Compliance and Non-Compliance</h3>
<p>In order to indicate a party's compliance with a user's expressed
tracking preference as described in this specification for a given
resource, an origin server:</p>
<ol start="1">
<li>MUST conform to the origin server requirements of [[!TPE]];</li>
<li>MUST send a tracking status value other than <code>!</code> (under
construction) or <code>D</code> (disregarding) for that resource;
and</li>
<li>MUST send, in a tracking status representation applicable to that
resource, a compliance property that contains a reference to the
following URI:
<blockquote>
<code>TBD</code>
</blockquote>
</li>
</ol>
<p class="note">When the CR is published, there will be a permanent URI in this section, pointing
to content that does not change.</p>
<p>When a user sends a <code>DNT:0</code> signal, the user is expressing
a preference to allow tracking. This specification places no restrictions
on collection or use of data from network interactions with
<code>DNT:0</code> signals. Note, however, that a party might be limited
by its own statements to the user regarding the <code>DNT:0</code>
setting. For more information, see Section <a href=
"#user-granted-exceptions"></a>.</p>
<p>A party to a given user action which receives a <code>DNT:1</code>
signal and is <a>tracking</a> that action MUST indicate so to the user
agent. A party that is tracking a user with that user's consent to
override an expressed <code>DNT:1</code> preference MUST indicate so with
the corresponding <code>C</code> or <code>P</code> <a class="externalDFN"
href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value">
tracking status values</a>. A party that is tracking a user for reasons
allowable under this specification (for example, for one of the permitted
uses described below) MUST use the <code>T</code> value. A party to a
given user action that is not engaged in tracking SHOULD use the
<code>N</code> value (a <code>T</code> value is also conformant but not
as informative).</p>
<p>A party to a given user action that disregards a <code>DNT:1</code>
signal MUST indicate that non-compliance to the user agent, using the
response mechanism defined in the [[!TPE]] specification. The party MUST
provide information in its privacy policy listing the specific reasons
for not honoring the user's expressed preference. The party's
representation MUST be clear and easily discoverable.</p>
<p>In the interest of transparency, especially where multiple reasons are
listed, a server might use the [[!TPE]] <a class="externalDFN" href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.qualifiers">
qualifiers</a> or <a class="externalDFN" href=
"http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.config">
config</a> properties to indicate a particular reason for disregarding or
steps to address the issue. A user agent can parse this response to
communicate the reason to the user or direct the user to the relevant
section of a privacy policy. This document does not define specific
qualifiers for different reasons servers might have for disregarding
[428 lines skipped]
Received on Sunday, 6 March 2016 21:32:42 UTC