- From: Rob van Eijk <rob@blaeu.com>
- Date: Wed, 29 Jan 2014 18:41:47 +0100
- To: "Mike O'Neill" <michael.oneill@baycloud.com>
- Cc: public-tracking@w3.org
Defintion updated to be the same as last line of non-normative text.
MUST's have been removed.
Proposed by Rob van Eijk and Mike O'Neill via email.
A context is limited to the set of resources that share the same
data controller, are covered by the same privacy policy, share a common
branding, and whose host domains, other than that of the document
origin, have been declared in the same-party property of the Tracking
Resource.
Non-normative Note:
In case the same-party field is empty, then only the given site is
considered to be the same context.
In order for a definition of context to be granular enough to
distinguish one context from another, a set of cumulative criteria is
proposed. The purpose of this definition is to reflect the user
expectations that data collected for a specified purpose by one of those
resources is available to all other resources within the same context.
Data must not be shared between different contexts. Respect for context
and purpose limitation within a context are important core principles
for any use of (personal) data within that context. Within any
particular network interaction within a context, a user can expect that
session states and other data (strictly) necessary to support the
activity will be retained or shared.
Given the outcome of the Call for Objections, the full combined
tracking-context definition reads as: "Tracking is the collection of
data regarding a particular user's activity across multiple distinct
contexts and the retention, use, or sharing of data derived from that
activity outside the context in which it occurred. A context is limited
to the set of resources that share the same data controller, are covered
by the same privacy policy, share a common branding, and whose host
domains, other than that of the document origin, have been declared in
the same-party property of the Tracking Resource."
Mike O'Neill schreef op 2014-01-15 13:43:
> (This was meant to go on the list first but I sent it from the wrong
> email address.)
>
> Rob and I agreed a minor change to the text on this. Here it is and I
> have edited the wiki accordingly. It just takes out the redundant
> repeated "and", clarifies the point that only the domains go into the
> same-party property and says normatively that the site host name need
> not be mentioned in same-party. The normative text was echoed at the
> end of the non-normative so I fixed that in the same way. I also
> changed field to property to correlate it with Roy's TPE changes.
>
> My proposal 3 is redundant now so it should be removed.
>
> Here is the changed text
>
> A context is a set of resources that MUST all share the same data
> controller, MUST all be covered by the same privacy policy, MUST share
> a common branding, and whose host domains, other than that of the
> document origin, MUST be declared in the same-party property of the
> Tracking Resource.
>
> Non-normative Note:
>
> In case the same-party field is empty, then only the given site is
> considered to be the same context. In order for a definition of
> context to be granular enough to distinguish one context from another,
> a set of cumulative criteria is proposed. The purpose of this
> definition is to reflect the user expectations that data collected for
> a specified purpose by one of those resources is available to all
> other resources within the same context. Data must not be shared
> between different contexts. Respect for context and purpose limitation
> within a context are important core principles for any use of
> (personal) data within that context. Within any particular network
> interaction within a context, a user can expect that session states
> and other data (strictly) necessary to support the activity will be
> retained or shared. Given the outcome of the Call for Objections, the
> full combined tracking-context definition reads as: "Tracking is the
> collection of data regarding a particular user's activity across
> multiple distinct contexts and the retention, use, or sharing of data
> derived from that activity outside the context in which it occurred. A
> context is limited to the set of resources that share the same data
> controller, are covered by the same privacy policy, share a common
> branding, and whose host domains, other than that of the document
> origin, have been declared in the same-party property of the Tracking
> Resource."
>
> Mike
Received on Wednesday, 29 January 2014 17:42:18 UTC