- From: Ninja Marnau <ninja@w3.org>
- Date: Wed, 15 Jan 2014 13:56:56 +0100
- To: Mike O'Neill <michael.oneill@baycloud.com>, public-tracking@w3.org, rob@blaeu.com
- Message-ID: <52D68598.6060601@w3.org>
Mike, Rob, thank you for this new proposal. I will remove Mike's Proposal 3 from the wiki. Let's discuss the rationale of this new text in the call today. Ninja Am 15.01.14 13:43, schrieb Mike O'Neill: > > (This was meant to go on the list first but I sent it from the wrong > email address.) > > Rob and I agreed a minor change to the text on this. Here it is and I > have edited the wiki accordingly. It just takes out the redundant > repeated "and", clarifies the point that only the domains go into the > same-party property and says normatively that the site host name need > not be mentioned in same-party. The normative text was echoed at the > end of the non-normative so I fixed that in the same way. I also > changed field to property to correlate it with Roy's TPE changes. > > My proposal 3 is redundant now so it should be removed. > > Here is the changed text > > A context is a set of resources that MUST all share the same data > controller, MUST all be covered by the same privacy policy, MUST share > a common branding, and whose host domains, other than that of the > document origin, MUST be declared in the same-party property of the > Tracking Resource. > > Non-normative Note: > > In case the same-party field is empty, then only the given site is > considered to be the same context. In order for a definition of > context to be granular enough to distinguish one context from another, > a set of cumulative criteria is proposed. The purpose of this > definition is to reflect the user expectations that data collected for > a specified purpose by one of those resources is available to all > other resources within the same context. Data must not be shared > between different contexts. Respect for context and purpose limitation > within a context are important core principles for any use of > (personal) data within that context. Within any particular network > interaction within a context, a user can expect that session states > and other data (strictly) necessary to support the activity will be > retained or shared. Given the outcome of the Call for Objections, the > full combined tracking-context definition reads as: "Tracking is the > collection of data regarding a particular user's activity across > multiple distinct contexts and the retention, use, or sharing of data > derived from that activity outside the context in which it occurred. A > context is limited to the set of resources that share the same data > controller, are covered by the same privacy policy, share a common > branding, and whose host domains, other than that of the document > origin, have been declared in the same-party property of the Tracking > Resource." > > Mike >
Received on Wednesday, 15 January 2014 12:57:28 UTC