tracking-ISSUE-218: Data that is out of scope [Compliance Current]

tracking-ISSUE-218: Data that is out of scope [Compliance Current]

http://www.w3.org/2011/tracking-protection/track/issues/218

Raised by: Roy Fielding
On product: Compliance Current

There has been a lot of discussion about de-identified data and contextual data, but the only mention of them being out of scope is buried at the bottom of the requirements on third parties:

  "When a third party receives a DNT:1 signal, that third party MAY nevertheless collect, retain, share or use data related to that network interaction if the data is de-identified as defined in this specification."

  "It is outside the scope of this specification to control short-term, transient collection and use of data, so long as the data is not shared with a third party and is not used to build a profile about a user or otherwise alter an individual user’s user experience outside the current network interaction. For example, the contextual customization of ads shown as part of the same network interaction is not restricted by DNT: 1."

  "It is outside the scope of this specification to control the collection and use of de-identified data."

The above statements have an impact on the understanding of all the requirements in the spec. They need to be stated at the beginning of Compliance, to clarify for readers that DNT simply doesn't apply, and it must be clear that these statements apply to all parties.

Received on Wednesday, 2 October 2013 09:17:21 UTC