Re: June Change Proposal, definitions of collect/retain

Hi David,

I've create ISSUE-204 to the Compliance June product; a new issue for the topic of this change. (It may also be related to ISSUE-16, but this is more narrowly defined.)

I've set up a wiki page for this proposal: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Transience_Collection

It occurs to me that one iteration would be to define "retain" alone, rather than defining collection and retention as the same.

Thanks,
Nick

On Jun 20, 2013, at 3:25 PM, David Singer <singer@apple.com> wrote:

> Problem
> 
> "If a third party receives a DNT: 1 signal, then:
> 
> 	• the third party must not collect, retain, share, or use information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard and any explicitly-granted exceptions provided in accordance with the requirements of this standard;
> 	• the third party must not use information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard."
> 
> 
> 1) We imply but nowhere say, that what third parties must do under DNT:1 is to reduce 'tracking', as defined.
> 2) We don't allow out-of-band-consent.
> 3) Exceptions don't need to be mentioned, as they cause DNT:0 to be sent, not DNT:1.
> 
> Proposal
> 
> Insert 'tracking' twice and remove exceptions:
> 
> If a third party receives a DNT: 1 signal, then, unless it has consent from the user:
> 
> 	• the third party must not collect, retain, share, or use tracking information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard;
> 	• the third party must not use tracking information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard.
> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.

On Jun 20, 2013, at 3:11 PM, David Singer <singer@apple.com> wrote:

> Problem
> 
> "A party collects data if it receives the data and shares the data with other parties or stores the data for more than a transient period.
> 
> A party retains data if data remains within a party's control beyond the scope of the current network interaction."
> 
> 1) 'Transient period' is undefined.
> 
> 2) The distinction between 'collect' and 'retain' seems blurred.
> 
> 3) It's not clear what 'share' has to do with 'retain'.
> 
> 4) We don't link the definitions to 'tracking'.
> 
> 
> Proposal
> 
> (soft proposal, I think this needs working on by lawyers)
> 
> Replace with
> 
> "A party collects or retains data if it receives the data and keeps it after the network interaction in which it occurred is complete"
> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
> 

Received on Tuesday, 25 June 2013 08:17:44 UTC