- From: Nicholas Doty <npdoty@w3.org>
- Date: Tue, 25 Jun 2013 01:17:32 -0700
- To: David Singer <singer@apple.com>
- Cc: "public-tracking@w3.org Mailing List" <public-tracking@w3.org>
Hi David, I've create ISSUE-204 to the Compliance June product; a new issue for the topic of this change. (It may also be related to ISSUE-16, but this is more narrowly defined.) I've set up a wiki page for this proposal: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Transience_Collection It occurs to me that one iteration would be to define "retain" alone, rather than defining collection and retention as the same. Thanks, Nick On Jun 20, 2013, at 3:25 PM, David Singer <singer@apple.com> wrote: > Problem > > "If a third party receives a DNT: 1 signal, then: > > • the third party must not collect, retain, share, or use information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard and any explicitly-granted exceptions provided in accordance with the requirements of this standard; > • the third party must not use information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard." > > > 1) We imply but nowhere say, that what third parties must do under DNT:1 is to reduce 'tracking', as defined. > 2) We don't allow out-of-band-consent. > 3) Exceptions don't need to be mentioned, as they cause DNT:0 to be sent, not DNT:1. > > Proposal > > Insert 'tracking' twice and remove exceptions: > > If a third party receives a DNT: 1 signal, then, unless it has consent from the user: > > • the third party must not collect, retain, share, or use tracking information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard; > • the third party must not use tracking information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard. > > > David Singer > Multimedia and Software Standards, Apple Inc. On Jun 20, 2013, at 3:11 PM, David Singer <singer@apple.com> wrote: > Problem > > "A party collects data if it receives the data and shares the data with other parties or stores the data for more than a transient period. > > A party retains data if data remains within a party's control beyond the scope of the current network interaction." > > 1) 'Transient period' is undefined. > > 2) The distinction between 'collect' and 'retain' seems blurred. > > 3) It's not clear what 'share' has to do with 'retain'. > > 4) We don't link the definitions to 'tracking'. > > > Proposal > > (soft proposal, I think this needs working on by lawyers) > > Replace with > > "A party collects or retains data if it receives the data and keeps it after the network interaction in which it occurred is complete" > > > David Singer > Multimedia and Software Standards, Apple Inc. > >
Received on Tuesday, 25 June 2013 08:17:44 UTC