- From: Rob van Eijk <rob@blaeu.com>
- Date: Wed, 29 Jan 2014 18:44:23 +0100
- To: "Mike O'Neill" <michael.oneill@baycloud.com>
- Cc: public-tracking@w3.org
Proposal 2 deleted, as talked about on the call today. Rob Rob van Eijk schreef op 2014-01-29 18:41: > Defintion updated to be the same as last line of non-normative text. > MUST's have been removed. > > Proposed by Rob van Eijk and Mike O'Neill via email. > > A context is limited to the set of resources that share the same > data controller, are covered by the same privacy policy, share a > common branding, and whose host domains, other than that of the > document origin, have been declared in the same-party property of the > Tracking Resource. > > Non-normative Note: > In case the same-party field is empty, then only the given site is > considered to be the same context. > In order for a definition of context to be granular enough to > distinguish one context from another, a set of cumulative criteria is > proposed. The purpose of this definition is to reflect the user > expectations that data collected for a specified purpose by one of > those resources is available to all other resources within the same > context. Data must not be shared between different contexts. Respect > for context and purpose limitation within a context are important core > principles for any use of (personal) data within that context. Within > any particular network interaction within a context, a user can expect > that session states and other data (strictly) necessary to support the > activity will be retained or shared. > Given the outcome of the Call for Objections, the full combined > tracking-context definition reads as: "Tracking is the collection of > data regarding a particular user's activity across multiple distinct > contexts and the retention, use, or sharing of data derived from that > activity outside the context in which it occurred. A context is > limited to the set of resources that share the same data controller, > are covered by the same privacy policy, share a common branding, and > whose host domains, other than that of the document origin, have been > declared in the same-party property of the Tracking Resource." > > > Mike O'Neill schreef op 2014-01-15 13:43: >> (This was meant to go on the list first but I sent it from the wrong >> email address.) >> >> Rob and I agreed a minor change to the text on this. Here it is and I >> have edited the wiki accordingly. It just takes out the redundant >> repeated "and", clarifies the point that only the domains go into the >> same-party property and says normatively that the site host name need >> not be mentioned in same-party. The normative text was echoed at the >> end of the non-normative so I fixed that in the same way. I also >> changed field to property to correlate it with Roy's TPE changes. >> >> My proposal 3 is redundant now so it should be removed. >> >> Here is the changed text >> >> A context is a set of resources that MUST all share the same data >> controller, MUST all be covered by the same privacy policy, MUST share >> a common branding, and whose host domains, other than that of the >> document origin, MUST be declared in the same-party property of the >> Tracking Resource. >> >> Non-normative Note: >> >> In case the same-party field is empty, then only the given site is >> considered to be the same context. In order for a definition of >> context to be granular enough to distinguish one context from another, >> a set of cumulative criteria is proposed. The purpose of this >> definition is to reflect the user expectations that data collected for >> a specified purpose by one of those resources is available to all >> other resources within the same context. Data must not be shared >> between different contexts. Respect for context and purpose limitation >> within a context are important core principles for any use of >> (personal) data within that context. Within any particular network >> interaction within a context, a user can expect that session states >> and other data (strictly) necessary to support the activity will be >> retained or shared. Given the outcome of the Call for Objections, the >> full combined tracking-context definition reads as: "Tracking is the >> collection of data regarding a particular user's activity across >> multiple distinct contexts and the retention, use, or sharing of data >> derived from that activity outside the context in which it occurred. A >> context is limited to the set of resources that share the same data >> controller, are covered by the same privacy policy, share a common >> branding, and whose host domains, other than that of the document >> origin, have been declared in the same-party property of the Tracking >> Resource." >> >> Mike
Received on Wednesday, 29 January 2014 17:44:53 UTC