- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 25 Mar 2015 12:43:35 -0700
- To: Tracking Protection Working Group <public-tracking@w3.org>
This completes tracking-ACTION-467.
Since we obviously have different ideas of what tracking data
means, I will list the 9 occurrences of the phrase "tracking data"
below and explain what I think it is supposed to cover.
[TPE]
(within new "G" TSV)
• the gateway MUST have a contract in place with each of the
parties to whom it provides request data such that only the
selected party is allowed to retain tracking data from a
request with an expressed tracking preference of
DNT:1; and,
I intended this use to include all data covered by our definition of tracking:
data regarding a particular user's activity across multiple distinct
contexts and data derived from that activity outside the context in
which the user activity occurred.
I suggest we replace it with "... such that, for requests with an
expressed tracking preference of DNT:1, only the selected party is
allowed to retain data that might have the effect of tracking the
user without consent."
(within 6.4.3 Status Checks are not Tracked)
An origin server MUST NOT retain tracking data regarding requests
on the site-wide tracking status resource or within the tracking
status resource space, regardless of the presence, absence, or
value of a DNT header field, cookies, or any other information in
the request.
I intended this use to include any data that the user would consider
as tracking them, which (because this is only a request on the status
resource and not about normal user activity) is roughly equivalent to
any data that has not been de-identified.
I suggest we replace it with
An origin server MUST NOT retain data regarding requests
on the site-wide tracking status resource or within the tracking
status resource space, regardless of the presence, absence, or
value of a DNT header field, cookies, or any other information in
the request, if such data would have the effect of tracking the user.
[TCS]
Within 2.9.1 De-identification Considerations:
• technical safeguards that prohibit reidentification of
deidentified data and/or merging of the original tracking data and
deidentified data;
I believe that use was supposed to include all data from the definition
of tracking, though looking carefully it seems "merging of the original"
is impossible given our definition of de-identified (keeping the original
would imply that the data hadn't been de-identified); the second half of
that sentence should be deleted.
• business processes that specifically prohibit reidentification of
deidentified data and/or merging of the original tracking data and
deidentified data;
ditto
• business processes that prevent inadvertent release of either the
original tracking data or deidentified data;
ditto
• administrative controls that limit access to both the original
tracking data and deidentified data.
ditto. All of these seem to be based on some other definition of
de-identified. Ours doesn't allow the original tracking data to coexist.
Within 3.3 Third Party Compliance:
When a third party to a given user action receives a DNT:1
signal in a related network interaction:
• that party MUST NOT collect, share, or use tracking data
related to that interaction;
• that party MUST NOT use data about network interactions with that
user in a different context.
This would only be sufficient if tracking data includes everything
in our definition of tracking, since it would otherwise allow
collection (but not use in this response) of segmentation data.
I already suggested that the order be reversed so that the later
MAYs (e.g., consent) are listed first and this follows with a prefix
of "Otherwise, ...". Ignoring that for a second, I suggest that this
be replaced by:
When a third party to a given user action receives a DNT:1
signal in a related network interaction, the party MUST NOT
• collect data from this network interaction that would cause
data regarding this particular user's activity to have been
collected across multiple distinct contexts;
• retain, use, or share data derived from this network interaction
outside the context in which this user activity occurred; nor,
• use data about this particular user's past activity within
different contexts to inform or construct a response to
this network interaction.
Within 3.3.1.3 No Personalization:
A party that collects data for a permitted use MUST NOT use that
data to alter a specific user's online experience based on tracking
data, except as specifically permitted below.
"based on tracking data" is redundant here and should be deleted.
Within the example in 3.3.3 (Qualifiers for Permitted Uses):
A site that tracks user activity across several unrelated sites
(through a tracking pixel or embedded script, for example) but
collects and uses tracking data only as necessary for security and
debugging purposes might create a tracking status resource with a
tracking status value of T (to indicate tracking) and a
qualifiers value of sd (to indicate the particular
permitted uses).
"tracking data" can be replaced with "data about that activity".
Cheers,
Roy T. Fielding <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe <http://www.adobe.com/>
Received on Wednesday, 25 March 2015 19:43:57 UTC
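Added example, not part of Roy Fielding's message or of the W3C TPE/TCS drafts: a small Python retention filter that models two of the rules discussed above as code a server could run before writing a request to durable storage. It treats any request on the tracking status resource as never tracked (the 6.4.3 rule, regardless of DNT or cookies), and, for a third party receiving DNT:1, refuses to retain identifying data once it would join the user's activity across a second distinct context (the first bullet of the proposed 3.3 wording) and withholds other-context history from response construction (the third bullet). The well-known path /.well-known/dnt is assumed from the TPE draft; the field names, contexts, cookie values and the RetentionFilter class itself are constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Assumption: the site-wide tracking status resource and its resource space are
# served under this well-known path (the path used by the TPE draft).
STATUS_RESOURCE_PREFIX = "/.well-known/dnt"

# Request fields whose retention alone would have the effect of tracking the user.
# Constructed list for the example; a real deployment would derive it from its own data inventory.
IDENTIFYING_FIELDS = frozenset({"client_ip", "cookie", "user_agent", "referer"})


@dataclass
class Request:
    path: str                    # request target
    context: str                 # context (site) in which the user activity occurred
    first_party: bool            # True if this server is first party to the user action
    dnt: str | None = None       # value of the DNT header field, or None when absent
    fields: dict = field(default_factory=dict)   # data extracted from the request


def is_status_check(req: Request) -> bool:
    """True for the site-wide tracking status resource or anything within its space."""
    return req.path == STATUS_RESOURCE_PREFIX or req.path.startswith(STATUS_RESOURCE_PREFIX + "/")


def deidentify(fields: dict) -> dict:
    """Drop every field that could identify the user; what remains may be retained."""
    return {k: v for k, v in fields.items() if k not in IDENTIFYING_FIELDS}


class RetentionFilter:
    """Decides, per request, which data may be written to durable storage."""

    def __init__(self) -> None:
        # user identifier -> set of contexts in which that user's activity has been retained
        self.contexts_seen: dict[str, set[str]] = {}

    def retain(self, req: Request) -> dict:
        # 6.4.3: status checks are never tracked, regardless of the presence, absence
        # or value of DNT, cookies, or any other information in the request.
        if is_status_check(req):
            return deidentify(req.fields)

        user = req.fields.get("cookie")
        seen = self.contexts_seen.setdefault(user, set()) if user else set()

        # 3.3, first bullet: a third party receiving DNT:1 must not collect data that
        # would cause this user's activity to have been collected across multiple
        # distinct contexts. A second context is where that line is crossed.
        if not req.first_party and req.dnt == "1" and user and seen and req.context not in seen:
            return deidentify(req.fields)

        # First party, no DNT:1, or the same (or first) context: record the context so
        # that later requests are judged against it, and retain the request as-is.
        if user:
            seen.add(req.context)
        return dict(req.fields)

    def contexts_for_response(self, req: Request) -> set[str]:
        # 3.3, third bullet: with DNT:1, a third party may not use this user's past
        # activity within different contexts to inform or construct the response.
        user = req.fields.get("cookie")
        seen = self.contexts_seen.get(user, set()) if user else set()
        if not req.first_party and req.dnt == "1":
            return seen & {req.context}
        return set(seen)


if __name__ == "__main__":
    f = RetentionFilter()
    common = {"client_ip": "203.0.113.7", "cookie": "u=42", "method": "GET"}  # constructed
    print(f.retain(Request("/.well-known/dnt", "news.example", True, None, dict(common))))
    print(f.retain(Request("/article", "news.example", True, "1", dict(common))))
    print(f.retain(Request("/pixel.gif", "shop.example", False, "1", dict(common))))
```

Run as a script, the status check yields only {"method": "GET"}, the first-party article request is retained whole, and the later third-party request from a second context is reduced to the de-identified fields; the same filter reports an empty set of usable contexts for that third-party response.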