RE: tracking data (was Re: [TCS] comments on 17 Feb 2015 editors draft)

Roy,

Following the discussion we had during the call last week, I looked more closely at the definition of "tracking data" (i.e. any data that could be combined with other data to engage in tracking a user across different contexts). As I understand it, this definition covers any data that could be linked to a cross-context user identifier. This definition looks OK to me and I share Mike's concern about removing it.

I don't think that we should replace this definition by "data that might have the effect of tracking the user" because the status of "tracking data" is no longer based on the data themselves but also on how you use them.


Furthermore, in the section about the "G" signal, it does not seem that you suggest just replacing the definition of tracking data. The proposed text also refers to the user's consent, which was a different issue in the context of RTB, and I don't think we should mix the two issues.

It seems to me that the section on third party compliance looks better with the current definition, but I'm not fully understanding the arguments about this section.

Best regards,

Vincent
 



-----Original Message-----
From: Roy T. Fielding [mailto:fielding@gbiv.com]
Sent: Wednesday, 25 March 2015 20:44
To: Tracking Protection Working Group
Subject: Re: tracking data (was Re: [TCS] comments on 17 Feb 2015 editors draft)

This completes tracking-ACTION-467.

Since we obviously have different ideas of what tracking data means, I will list the 9 occurrences of the phrase "tracking data"
below and explain what I think it is supposed to cover.

[TPE]

(within new "G" TSV)

    *  the gateway MUST have a contract in place with each of the
       parties to whom it provides request data such that only the
       selected party is allowed to retain tracking data from a
       request with an expressed tracking preference of
       DNT:1; and,

I intended this use to include all data covered by our definition of tracking:
data regarding a particular user's activity across multiple distinct contexts and data derived from that activity outside the context in which the user activity occurred.

I suggest we replace it with "... such that, for requests with an expressed tracking preference of DNT:1, only the selected party is allowed to retain data that might have the effect of tracking the user without consent."

(within 6.4.3 Status Checks are not Tracked)

    An origin server MUST NOT retain tracking data regarding requests
    on the site-wide tracking status resource or within the tracking
    status resource space, regardless of the presence, absence, or
    value of a DNT header field, cookies, or any other information in
    the request.

I intended this use to include any data that the user would consider as tracking them, which (because this is only a request on the status resource and not about normal user activity) is roughly equivalent to any data that has not been de-identified.

I suggest we replace it with

    An origin server MUST NOT retain data regarding requests
    on the site-wide tracking status resource or within the tracking
    status resource space, regardless of the presence, absence, or
    value of a DNT header field, cookies, or any other information in
    the request, if such data would have the effect of tracking the user.


[TCS]

Within 2.9.1 De-identification Considerations:

    *  technical safeguards that prohibit reidentification of
       deidentified data and/or merging of the original tracking data and
       deidentified data;

I believe that use was supposed to include all data from the definition of tracking, though looking carefully it seems "merging of the original"
is impossible given our definition of de-identified (keeping the original would imply that the data hadn't been de-identified); the second half of that sentence should be deleted.

    *  business processes that specifically prohibit reidentification of
       deidentified data and/or merging of the original tracking data and
       deidentified data;

ditto

    *  business processes that prevent inadvertent release of either the
       original tracking data or deidentified data;

ditto

    *  administrative controls that limit access to both the original
       tracking data and deidentified data.

ditto.  All of these seem to be based on some other definition of de-identified. Ours doesn't allow the original tracking data to coexist.

Within 3.3 Third Party Compliance:

   When a third party to a given user action receives a DNT:1
   signal in a related network interaction:

    *  that party MUST NOT collect, share, or use tracking data
       related to that interaction;

    *  that party MUST NOT use data about network interactions with that
       user in a different context.

This would only be sufficient if tracking data includes everything in our definition of tracking, since it would otherwise allow collection (but not use in this response) of segmentation data.

I already suggested that the order be reversed so that the later MAYs (e.g., consent) are listed first and this follows with a prefix of "Otherwise, ...".  Ignoring that for a second, I suggest that this be replaced by:

   When a third party to a given user action receives a DNT:1
   signal in a related network interaction, the party MUST NOT

   *  collect data from this network interaction that would cause
      data regarding this particular user's activity to have been
      collected across multiple distinct contexts;

   *  retain, use, or share data derived from this network interaction
      outside the context in which this user activity occurred; nor,

   *  use data about this particular user's past activity within
      different contexts to inform or construct a response to
      this network interaction.


Within 3.3.1.3 No Personalization:

    A party that collects data for a permitted use MUST NOT use that
    data to alter a specific user's online experience based on tracking
    data, except as specifically permitted below.

"based on tracking data" is redundant here and should be deleted.

Within the example in 3.3.3 (Qualifiers for Permitted Uses):

    A site that tracks user activity across several unrelated sites
    (through a tracking pixel or embedded script, for example) but
    collects and uses tracking data only as necessary for security and
    debugging purposes might create a tracking status resource with a
    tracking status value of T (to indicate tracking) and a
    qualifiers value of sd (to indicate the particular
    permitted uses).

"tracking data" can be replaced with "data about that activity".


Cheers,

Roy T. Fielding                     <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe   <http://www.adobe.com/>
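As an added illustration of the 6.4.3 rule quoted above (status checks are not tracked) and of the 3.3.3 example (a status value of T with qualifiers sd), here is a small origin-server log filter. This is example code written for this thread, not text from the TPE/TCS drafts or from the working group; it assumes the site-wide tracking status resource lives under the well-known path `/.well-known/dnt/` and that the status resource uses the `tracking` and `qualifiers` JSON members.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Location of the site-wide tracking status resource and the status
# resource space beneath it (assumed here from the TPE well-known URI).
STATUS_PREFIX = "/.well-known/dnt/"

@dataclass
class Request:
    """Constructed request summary: only the fields this check needs."""
    path: str
    dnt: Optional[str]      # DNT header value, or None when absent
    cookie: Optional[str]   # Cookie header value, or None when absent
    client_ip: str

def is_status_check(path: str) -> bool:
    """True for the site-wide status resource or anything in its space."""
    return path.startswith(STATUS_PREFIX)

def retainable_record(req: Request) -> dict:
    """Return the record the origin server may keep for this request.

    For status checks (6.4.3) nothing that could be linked to the user is
    kept, whatever the DNT header, cookies or client address say; only
    the non-identifying fact that the resource was fetched survives."""
    if is_status_check(req.path):
        return {"path": req.path, "status_check": True}
    return {"path": req.path, "dnt": req.dnt, "cookie": req.cookie,
            "client_ip": req.client_ip, "status_check": False}

def filter_log(requests):
    """Apply retainable_record to a batch of requests before storage."""
    return [retainable_record(r) for r in requests]

def security_debug_status_resource() -> str:
    """Body a site serves at its status resource when it tracks only for
    security and debugging (the 3.3.3 example: value T, qualifiers sd)."""
    return json.dumps({"tracking": "T", "qualifiers": "sd"})

# Constructed sample traffic: a status check that carries a cookie and
# DNT:1, followed by an ordinary page request from the same client.
SAMPLE = [
    Request("/.well-known/dnt/", "1", "uid=abc123", "203.0.113.7"),
    Request("/index.html", "1", "uid=abc123", "203.0.113.7"),
]

if __name__ == "__main__":
    for rec in filter_log(SAMPLE):
        print(json.dumps(rec))
```

The status-check record keeps no cookie or address even though both were present in the request, which is the point of the "regardless of the presence, absence, or value of a DNT header field, cookies, or any other information" clause.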

Received on Tuesday, 31 March 2015 16:04:27 UTC