In an off-list discussion about the compromise proposal David flagged that
it could be read to allow third-party retention of data derived from the act
of visiting a first-party site, e.g. what category of site, time of visit
etc. So a server receiving a third-party request could retain data about the
first-party resource, say a Guns & Ammo site and when it was visited, and
associate that with a unique user identifier to build up an activity
history.
I have tried to come up with a definition that encompasses the first-party
alleviation which does not end of over-complicating what should be a simple
definition.
I now have this, though I still don't think it is as clear as the current
draft or option 4 (which I prefer) with the party qualification laid out in
the compliance section.
A transport request is any request for content delivery over the public
internet.
Transport data is data in, or derived from, a given transport request.
Tracking data is a subset of transport data which can be used to recognise
subsequent transport requests to be from the same user, user agent, or
device.
Tracking is the sharing of tracking data with a third-party, or its
retention by a party other than the first-party.
Mike