W3C home > Mailing lists > Public > public-tracking@w3.org > January 2012

Proposed Text for Issue 71

From: Amy Colando (LCA) <acolando@microsoft.com>
Date: Thu, 26 Jan 2012 16:30:35 +0000
To: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <81152EDFE766CB4692EA39AECD2AA5B6023CB584@TK5EX14MBXC296.redmond.corp.microsoft.com>
Here is text that Ninja and I worked on. Ninja, I incorporated most of your edits, but please feel free to comment and suggest text, as should others.

Issue number: 71
Issue name: Does DNT also affect past collection or use of past collection of info?
Issue URL: http://www.w3.org/2011/tracking-protection/track/issues/71
Section number in the FPWD: 4.3
Contributors to this text:
Ninja Marnau
Amy Colando

Description:

This is particularly of interest in Europe, where consent may only apply to information that will be collected in the future, not retrospectively. If DNT does affect prior data collection, how does that work in practice? What are companies responsible for?

DNT signal affects the HTTP request that it accompanies, and may be modified by the user.  As such, the DNT signal is transactional and granular in nature, and should not affect data previously gathered.


Specification:


*         When a third party receives a DNT signal, it MUST NOT relate additional data from that HTTP request to existing profiles associated with that user-agent that are based on data that the third party has previously collected across sites over time; this is  except as permitted by Exceptions stated elsewhere in this specification (e.g., user override, frequency capping, billing, silo-ed analytics).

*         Additionally, the entity MUST NOT use identifiers that it can determine were collected from the same user agent before the DNT signal was received, except as permitted by Exceptions, for as long as it continues to receive a DNT signal from that user-agent.

*         The entity MAY take additional steps with respect to previously collected DNXT data such as deleting data before its usual expiration. However, as DNT signal affects only HTTP request that it accompanies and may be modified by the user, it is not recommended that special deletion take place without some notice to user(s).


Examples and Use Cases:


1.      User visits Site A, to which Ad Network B delivers advertisements.  Ad Network B has accumulated transactional information about User from User's visits to Site A and other non-affiliated sites in the past. However, User now sends DNT signal with HTTP request during this session on Site A.  Ad Network B cannot add information from current HTTP request from Site A session to any profile it maintains on User. Since it must not collect and any data from this session and relate it to previously collected data, Network B must regard and treat him like completely unknown user to them, absent any Exceptions or override from user.


2.      Same as above scenario.  Based on transactional information collected about User's visits to non-affiliated sites in the past, Ad Network B has placed User into Technology Shopper Segment.  Since Ad Network B must not recognize User during sessions in which User is sending DNT signal via that browser, it cannot deliver Technology Shopper advertisement to User's browser, absent obtaining override from user.  Ad Network B may instead choose to deliver a random ad, an ad based on the context of Site A, or an ad based on general location based on IP address transmitted with HTTP

________________________________
Received on Thursday, 26 January 2012 16:31:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:30 UTC