- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 5 Feb 2014 00:44:26 -0800
- To: Tracking Protection Working Group <public-tracking@w3.org>
- Cc: Ninja Marnau <ninja@w3.org>
I have changed my proposal as well, based on feedback regarding problems with requiring a single privacy policy. [In essence, privacy policies often differ by region and are associated with data when it is collected, whereas a site might consist of many regional websites that combine data with permission from other regional sources (e.g., Twitter), combine older resources with new resources that have an updated policy, or combine multiple resources under the most restrictive union of those policies. A user of such sites would still consider them a single context, so we are better off not tying user expectations to the presence of a single policy.] Proposal 1 - Common controller and group identity A context is a set of resources with a common data controller and a group identity that is easily discoverable by a user. A context represents a typical user's expectations regarding the boundaries of a commonly branded Web site (i.e., what makes it distinct from sites with a different group identity) independent of the technology, domain names, or parties operating that site via one or more origin servers. https://www.w3.org/wiki/Privacy/TPWG/Proposals_on_the_definition_of_context#Proposal_1_-_Common_controller_and_group_identity Cheers, Roy T. Fielding <http://roy.gbiv.com/> Senior Principal Scientist, Adobe <https://www.adobe.com/>
Received on Wednesday, 5 February 2014 08:44:51 UTC