From eab93b5a931f02158ef605c865038dae0c8d1c08 Mon Sep 17 00:00:00 2001 From: Nick Doty Date: Tue, 2 Jul 2024 12:07:32 -0400 Subject: [PATCH 1/2] fill out principle on safe but under user control references to ancillary uses, controlled deidentified data and personal data from privacy principles --- principles/index.html | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/principles/index.html b/principles/index.html index a6ccc93..32a849c 100644 --- a/principles/index.html +++ b/principles/index.html @@ -29,7 +29,7 @@

Privacy is essential to the sustainable success of the advertising ecosystem. This document takes up the - W3C TAG's Privacy Principles [[?Privacy-Principles]] and specialises them for advertising-related + W3C TAG's Privacy Principles [[Privacy-Principles]] and specialises them for advertising-related situations.

@@ -83,6 +83,12 @@

Measurement

Measurement should be private for safe, widespread usage, but always be under user control

+ +

Measurement and attribution are ancillary uses with functionality that may rely on broad usage. (Some forms of measurement are done with smaller, opt-in panels that typically provide identifiable data.) In order to be sufficiently private, measurement should not reveal personal data, by, for example, ensuring measurement data is controlled de-identified data.

+ +

Because measurement and attribution involve all kinds of viewing advertisements and a variety of other actions, in a wide range of different contexts, relying on understanding of, expectations about and consent over cross-context recognition as a result of ad measurement would be inappropriate.

+ +

Users should always be able to control their participation in measurement systems, even with de-identified data. User agents may, for example, provide a setting for the user's general preference about telemetry and aggregate measurement.

@@ -98,8 +104,6 @@

Measurement should not significantly enable cross-context recognition

Metrics to define significance are being evaluated by a separate task force.

- -

Because measurement and attribution involve all kinds of viewing advertisements and a variety of other actions, in a wide range of different contexts, relying on understanding of, expectations about and consent over cross-context recognition as a result of ad measurement would be inappropriate.

From e1060d7ff3b498acfc2640a52b7f55bc3ea511a5 Mon Sep 17 00:00:00 2001 From: Nick Doty Date: Mon, 15 Jul 2024 14:35:34 -0400 Subject: [PATCH 2/2] Apply suggestions from code review thanks Martin Co-authored-by: Martin Thomson --- principles/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/principles/index.html b/principles/index.html index 32a849c..e63fa33 100644 --- a/principles/index.html +++ b/principles/index.html @@ -86,9 +86,9 @@

Measurement should be private for safe, widespread usage, but always be unde

Measurement and attribution are ancillary uses with functionality that may rely on broad usage. (Some forms of measurement are done with smaller, opt-in panels that typically provide identifiable data.) In order to be sufficiently private, measurement should not reveal personal data, by, for example, ensuring measurement data is controlled de-identified data.

-

Because measurement and attribution involve all kinds of viewing advertisements and a variety of other actions, in a wide range of different contexts, relying on understanding of, expectations about and consent over cross-context recognition as a result of ad measurement would be inappropriate.

+

Measurement and attribution involve all kinds of viewing advertisements and a variety of other actions, in a wide range of different contexts. Relying on understanding of, expectations about, or consent over cross-context recognition as a result of ad measurement would be inappropriate.

-

Users should always be able to control their participation in measurement systems, even with de-identified data. User agents may, for example, provide a setting for the user's general preference about telemetry and aggregate measurement.

+

Users should always be able to control their participation in measurement systems, even when that participation only produces de-identified data. User agents may, for example, provide a setting for the user's general preference about telemetry and aggregate measurement.