- From: Tom Lowenthal <tom@mozilla.com>
- Date: Wed, 05 Oct 2011 10:07:32 -0700
- To: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <4E8C8ED4.4020900@mozilla.com>
Proposal is at: https://people.mozilla.com/~tlowenthal/dnt/tpwg_action-9_proposal.md --- Interpretation of the DNT signal by 1st Parties =============================================== Proposal to the W3C Tracking Protection Working Group Authored by Thomas Lowenthal, Mozilla Associated with [Action 9](http://www.w3.org/2011/tracking-protection/track/actions/9) When a first party receives a request where - they know that they are a first party, and - the DNT signal is on, that party **should**: - store as little information about that request as possible, - store as little information about the user who made the request as possible, - take all reasonable steps to protect the privacy and anonymity of the user who made the request; and that party **may**: - provide an affirmative notice to that user regarding the steps that the site takes as a result of the user's expressed preference, - provide the user with additional options to choose how the site should further protect that user's privacy; and that party **should not**: - send information about that request or the user who made the request to any other entity, unless - the entity to which the information is sent is performing a service as the agent of that party, and - that entity is bound by contractual or technical means - to keep information associated with requests and users related to this party completely separate from information associated with any other information they keep, and - not to further share such information except under similar restrictions, or - it is the user's deliberate intent to share information - (for instance, when a user sends an email through a webmail provider, that provider should send that email to the destination server); and that party **must only**: - store information about that request where - each piece of information is stored for a particular purpose, and - the party posts a readily-accessible policy which describes - what information is collected, and - the purpose for which each piece of information is stored.
Received on Wednesday, 5 October 2011 17:08:05 UTC