- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Wed, 15 Jan 2014 12:43:32 -0000
- To: <public-tracking@w3.org>
- Cc: <rob@blaeu.com>
- Message-ID: <0ada01cf11ef$664e7ef0$32eb7cd0$@baycloud.com>
(This was meant to go on the list first but I sent it from the wrong email address.) Rob and I agreed a minor change to the text on this. Here it is and I have edited the wiki accordingly. It just takes out the redundant repeated “and”, clarifies the point that only the domains go into the same-party property and says normatively that the site host name need not be mentioned in same-party. The normative text was echoed at the end of the non-normative so I fixed that in the same way. I also changed field to property to correlate it with Roy’s TPE changes. My proposal 3 is redundant now so it should be removed. Here is the changed text A context is a set of resources that MUST all share the same data controller, MUST all be covered by the same privacy policy, MUST share a common branding, and whose host domains, other than that of the document origin, MUST be declared in the same-party property of the Tracking Resource. Non-normative Note: In case the same-party field is empty, then only the given site is considered to be the same context. In order for a definition of context to be granular enough to distinguish one context from another, a set of cumulative criteria is proposed. The purpose of this definition is to reflect the user expectations that data collected for a specified purpose by one of those resources is available to all other resources within the same context. Data must not be shared between different contexts. Respect for context and purpose limitation within a context are important core principles for any use of (personal) data within that context. Within any particular network interaction within a context, a user can expect that session states and other data (strictly) necessary to support the activity will be retained or shared. Given the outcome of the Call for Objections, the full combined tracking-context definition reads as: "Tracking is the collection of data regarding a particular user's activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred. A context is limited to the set of resources that share the same data controller, are covered by the same privacy policy, share a common branding, and whose host domains, other than that of the document origin, have been declared in the same-party property of the Tracking Resource.” Mike
Received on Wednesday, 15 January 2014 12:44:12 UTC