[ISSUE-206] Service Provider

ISSUE-206: Service Provider name and requirements

I have amended our proposal to be more consistent with the current TPE
and be less ambiguous about which party is contracting the service.

....Roy

https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Service_Provider#Proposal:_Service_Provider

Proposal: Service Provider

Proposal from Roy Fielding: email, amended slightly to be consistent with a proposal by Vinay Goel: email and again to reflect TPE LCWD; issue-206

New text

Access to Web resources often involves multiple parties that might process the data received in a network interaction. For example, domain name services, network access points, content distribution networks, load balancing services, security filters, cloud platforms, and software-as-a-service providers might be a party to a given network interaction because they are contracted by either the user or the  resource owner to provide the mechanisms for communication. Likewise, additional parties might be engaged after a network interaction, such as when services or contractors are used to perform specialized data analysis or records retention.

For the data received in a given network interaction, a service provider is considered to be the same party as its contractee if the service provider:

(1) processes the data on behalf of the contractee;

(2) ensures that the data is only retained, accessed, and used as directed by the contractee;

(3) has no independent right to use the data other than in a de-identified form (e.g., for monitoring service integrity, load balancing, capacity planning, or billing); and,

(4) has a contract in place with the contractee which is consistent with the above limitations.

Received on Wednesday, 14 May 2014 18:13:39 UTC