issue-240 - further non normative text to clarify the definition of data collected "across multiple contexts" from Mike O'Neill on 2014-01-09 (public-tracking@w3.org from January 2014)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 9 Jan 2014 01:38:45 -0000
To: "'Justin Brookman'" <jbrookman@cdt.org>, "'Roy T. Fielding'" <fielding@gbiv.com>, "David Singer" <singer@apple.com>
Cc: <public-tracking@w3.org>
Message-ID: <037c01cf0cdb$89cdc9d0$9d695d70$@baycloud.com>

As discussed today, here is some non-normative text attempting to clarify
the issue of data in one context being “tainted” by information collected in
another. This is important because the definition of tracking now leaves out
of scope data collected within a single context, i.e. by a data controller
responsible for either a  first-party or a third-party resource. This or
similar text is needed to ensure a “Do Not Collect” compliance
interpretation is still possible (without a compliance document having to
override the definition of tracking).

 

Non-normative text:

 

When data is collected in such a way that activity relating to another
context can be derived from it, for example it includes data extracted from
a Referer request or similar header, or information identifying another
context is embedded within the addressed URL string, or it has been
communicated through JavaScript executing an XmlHttpRequest or postMessage
function, such data can be assumed to reference a user’s activity across
multiple distinct contexts.

 

Mike

Received on Thursday, 9 January 2014 01:39:32 UTC