As discussed today, here is some non-normative text attempting to clarify
the issue of data in one context being “tainted” by information collected in
another. This is important because the definition of tracking now leaves out
of scope data collected within a single context, i.e. by a data controller
responsible for either a first-party or a third-party resource. This or
similar text is needed to ensure a “Do Not Collect” compliance
interpretation is still possible (without a compliance document having to
override the definition of tracking).
Non-normative text:
When data is collected in such a way that activity relating to another
context can be derived from it, for example it includes data extracted from
a Referer request or similar header, or information identifying another
context is embedded within the addressed URL string, or it has been
communicated through JavaScript executing an XmlHttpRequest or postMessage
function, such data can be assumed to reference a user’s activity across
multiple distinct contexts.
Mike