Re: tracking data (was Re: [TCS] comments on 17 Feb 2015 editors draft)

This completes tracking-ACTION-467.

Since we obviously have different ideas of what tracking data
means, I will list the 9 occurrences of the phrase "tracking data"
below and explain what I think it is supposed to cover.

[TPE]

(within new "G" TSV)

      the gateway MUST have a contract in place with each of the
       parties to whom it provides request data such that only the
       selected party is allowed to retain tracking data from a
       request with an expressed tracking preference of
       DNT:1; and,

I intended this use to include all data covered by our definition of tracking:
data regarding a particular user's activity across multiple distinct
contexts and data derived from that activity outside the context in
which the user activity occurred.

I suggest we replace it with "... such that, for requests with an
expressed tracking preference of DNT:1, only the selected party is
allowed to retain data that might have the effect of tracking the
user without consent."

(within 6.4.3 Status Checks are not Tracked)

    An origin server MUST NOT retain tracking data regarding requests
    on the site-wide tracking status resource or within the tracking
    status resource space, regardless of the presence, absence, or
    value of a DNT header field, cookies, or any other information in
    the request.

I intended this use to include any data that the user would consider
as tracking them, which (because this is only a request on the status
resource and not about normal user activity) is roughly equivalent to
any data that has not been de-identified.

I suggest we replace it with

    An origin server MUST NOT retain data regarding requests
    on the site-wide tracking status resource or within the tracking
    status resource space, regardless of the presence, absence, or
    value of a DNT header field, cookies, or any other information in
    the request, if such data would have the effect of tracking the user.


[TCS]

Within 2.9.1 De-identification Considerations:

      technical safeguards that prohibit reidentification of
       deidentified data and/or merging of the original tracking data and
       deidentified data;

I believe that use was supposed to include all data from the definition
of tracking, though looking carefully it seems "merging of the original"
is impossible given our definition of de-identified (keeping the original
would imply that the data hadn't been de-identified); the second half of
that sentence should be deleted.

      business processes that specifically prohibit reidentification of
       deidentified data and/or merging of the original tracking data and
       deidentified data;

ditto

      business processes that prevent inadvertent release of either the
       original tracking data or deidentified data;

ditto

      administrative controls that limit access to both the original
       tracking data and deidentified data.

ditto.  All of these seem to be based on some other definition of
de-identified. Ours doesn't allow the original tracking data to coexist.

Within 3.3 Third Party Compliance:

   When a third party to a given user action receives a DNT:1
   signal in a related network interaction:

      that party MUST NOT collect, share, or use tracking data
       related to that interaction;

      that party MUST NOT use data about network interactions with that
       user in a different context.

This would only be sufficient if tracking data includes everything
in our definition of tracking, since it would otherwise allow
collection (but not use in this response) of segmentation data.

I already suggested that the order be reversed so that the later
MAYs (e.g., consent) are listed first and this follow with a prefix
of "Otherwise, ...".  Ignoring that for a second, I suggest that this
be replaced by:

   When a third party to a given user action receives a DNT:1
   signal in a related network interaction, the party MUST NOT

     collect data from this network interaction that would cause
      data regarding this particular user's activity to have been
      collected across multiple distinct contexts;

     retain, use, or share data derived from this network interaction
      outside the context in which this user activity occurred; nor,

     use data about this particular user's past activity within
      different contexts to inform or construct a response to
      this network interaction.


Within 3.3.1.3 No Personalization:

    A party that collects data for a permitted use MUST NOT use that
    data to alter a specific user's online experience based on tracking
    data, except as specifically permitted below.

"based on tracking data" is redundant here and should be deleted.

Within the example in 3.3.3 Qualifiers for Permitted Uses):

    A site that tracks user activity across several unrelated sites
    (through a tracking pixel or embedded script, for example) but
    collects and uses tracking data only as necessary for security and
    debugging purposes might create a tracking status resource with a
    tracking status value of T (to indicate tracking) and a
    qualifiers value of sd (to indicate the particular
    permitted uses).

"tracking data" can be replaced with "data about that activity".


Cheers,

Roy T. Fielding                     <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe   <http://www.adobe.com/>

Received on Wednesday, 25 March 2015 19:43:57 UTC