Re: issue-240

Defintion updated to be the same as last line of non-normative text. 
MUST's have been removed.

Proposed by Rob van Eijk and Mike O'Neill via email.

     A context is limited to the set of resources that share the same 
data controller, are covered by the same privacy policy, share a common 
branding, and whose host domains, other than that of the document 
origin, have been declared in the same-party property of the Tracking 
Resource.

     Non-normative Note:
     In case the same-party field is empty, then only the given site is 
considered to be the same context.
     In order for a definition of context to be granular enough to 
distinguish one context from another, a set of cumulative criteria is 
proposed. The purpose of this definition is to reflect the user 
expectations that data collected for a specified purpose by one of those 
resources is available to all other resources within the same context. 
Data must not be shared between different contexts. Respect for context 
and purpose limitation within a context are important core principles 
for any use of (personal) data within that context. Within any 
particular network interaction within a context, a user can expect that 
session states and other data (strictly) necessary to support the 
activity will be retained or shared.
     Given the outcome of the Call for Objections, the full combined 
tracking-context definition reads as: "Tracking is the collection of 
data regarding a particular user's activity across multiple distinct 
contexts and the retention, use, or sharing of data derived from that 
activity outside the context in which it occurred. A context is limited 
to the set of resources that share the same data controller, are covered 
by the same privacy policy, share a common branding, and whose host 
domains, other than that of the document origin, have been declared in 
the same-party property of the Tracking Resource."


Mike O'Neill schreef op 2014-01-15 13:43:
> (This was meant to go on the list first but I sent it from the wrong
> email address.)
> 
> Rob and I agreed a minor change to the text on this. Here it is and I
> have edited the wiki accordingly. It just takes out the redundant
> repeated "and", clarifies the point that only the domains go into the
> same-party property and says normatively that the site host name need
> not be mentioned in same-party. The normative text was echoed at the
> end of the non-normative so I fixed that in the same way. I also
> changed field to property to correlate it with Roy's TPE changes.
> 
> My proposal 3 is redundant now so it should be removed.
> 
> Here is the changed text
> 
> A context is a set of resources that MUST all share the same data
> controller, MUST all be covered by the same privacy policy, MUST share
> a common branding, and whose host domains, other than that of the
> document origin, MUST be declared in the same-party property of the
> Tracking Resource.
> 
> Non-normative Note:
> 
> In case the same-party field is empty, then only the given site is
> considered to be the same context. In order for a definition of
> context to be granular enough to distinguish one context from another,
> a set of cumulative criteria is proposed. The purpose of this
> definition is to reflect the user expectations that data collected for
> a specified purpose by one of those resources is available to all
> other resources within the same context. Data must not be shared
> between different contexts. Respect for context and purpose limitation
> within a context are important core principles for any use of
> (personal) data within that context. Within any particular network
> interaction within a context, a user can expect that session states
> and other data (strictly) necessary to support the activity will be
> retained or shared. Given the outcome of the Call for Objections, the
> full combined tracking-context definition reads as: "Tracking is the
> collection of data regarding a particular user's activity across
> multiple distinct contexts and the retention, use, or sharing of data
> derived from that activity outside the context in which it occurred. A
> context is limited to the set of resources that share the same data
> controller, are covered by the same privacy policy, share a common
> branding, and whose host domains, other than that of the document
> origin, have been declared in the same-party property of the Tracking
> Resource."
> 
> Mike

Received on Wednesday, 29 January 2014 17:42:18 UTC