Re: tracking in compliance; navigation referral

I've updated my listing of the options below based on Roy's additional proposal (about a first-party permitted use) and I'll add some of this summary to the wiki.

I would still suggest that we open a separate issue on navigation referrals, since it seems to be an open question, and I'm adding Roy's other editorial suggestions about other parts of the document to our list, still to be resolved.


## issue-203

1. Current text: the current editors' draft sets compliance requirements involving collection, retention and subsequent use of non-deidentified data collected by a third party to a given user action, except for data necessary for permitted uses. I believed this to be our previous agreement, and it would still cover "tracking" as defined.

2. dsinger's proposal: we could also narrow existing compliance requirements by using "tracking data" in place of "data". That is, even if a party is a third-party to a given user action and retains or shares non-deidentified data, it isn't tracking (and isn't in scope of this recommendation) if it isn't collecting data across different contexts. I think we'd want to define "tracking data" as something like "data that could be combined with other data to engage in tracking a user across different contexts". This would keep the same structure as the existing editor's draft text, but relax requirements slightly to allow things that might not be "tracking".

3. fielding's proposal: we could remove the first-party and third-party compliance sections and replace with a set of requirements for what does and does not constitute tracking. See section 3.3 of Roy's Alternative proposal:
Permitted uses would be moved to a separate high-level section. See section 3.4 of Roy's text:

In particular, this requires a statement, as in Section 1 of Roy's proposal, to state that these requirements are intended to apply to downstream recipients as well.

4. first party permitted use: we could remove the first-party and third-party compliance sections, add requirements for what constitutes tracking and add a first-party permitted use (tracking is allowed in the first party context, other conditions from current first-party compliance section).

This is detailed in Roy's i203b proposal:
... in particular:

Received on Wednesday, 10 September 2014 07:58:19 UTC