Note the user agent as the processor of user data #45
Conversation
Intended to address: objections concerning the clarity of the role of the user agent as an entity that collects and acts upon user data internally before any privacy processioning
AramZS
added
the
comment-response
charter.html
Outdated
| of <a href="https://w3ctag.github.io/privacy-principles/#hl-recognition-cross-site">cross-site | ||
| or cross context recognition</a> of users or | ||
| enabling <a href="https://w3ctag.github.io/privacy-principles/#hl-recognition-same-site">same-site | ||
| or same-context recognition</a> of users across the clearing of | ||
| state. | ||
| state by transmitting users’ data from a user agent that is within their control to an agent |
There was a problem hiding this comment.
I think the grammar here is confusing, because we have singular user agent but multiple users. Perhaps "... state by transmitting a user's data from a user agent that is within their control..."?
Co-authored-by: Sean Turner <sean@sn3rd.com>
| of <a href="https://w3ctag.github.io/privacy-principles/#hl-recognition-cross-site">cross-site | ||
| or cross context recognition</a> of users or | ||
| enabling <a href="https://w3ctag.github.io/privacy-principles/#hl-recognition-same-site">same-site | ||
| or same-context recognition</a> of users across the clearing of | ||
| state. | ||
| state by transmitting a users’ data from a user agent that is within their control to an agent |
There was a problem hiding this comment.
Surely "a user's data" not "a users' data"?
|
I am relaying a comment from a member who has raised formal objections. I do not intend to imply support or opposition to this statement, but just to make their objection on this available for discussion with the member's permission:
|
|
If deemed necessary, I suggest we resolve the concern around use of the word "processor" by clarifying that we are using the word in a technical and non-legal sense, as otherwise we'll have to at best incorporate terminology from other laws (which is increasingly impractical), and at worst invent new technical terminology. |
I agree wholeheartedly. Big plus 1. |
| processing of personal information. Ways in which new features might | ||
| enable inappropriate processing include (but are not limited to) | ||
| enabling | ||
| processing of personal information that is collected by a user agent. |
There was a problem hiding this comment.
I'm confused: what is the new clause "that is collected by a user agent" supposed to accomplish here? It seems like it would unnecessarily restrict the scope of the WG.
For example, one might argue that the aggregate conversion measurement work in progress in PATCG is out of scope of the WG based on this clause, because the way conversion tracking works today does not involve information being collected by a user agent.
There was a problem hiding this comment.
Agreed with @michaelkleber's concern. Would saying "collected or created by a user agent" fix the issue?
| of <a href="https://w3ctag.github.io/privacy-principles/#hl-recognition-cross-site">cross-site | ||
| or cross context recognition</a> of users or | ||
| enabling <a href="https://w3ctag.github.io/privacy-principles/#hl-recognition-same-site">same-site | ||
| or same-context recognition</a> of users across the clearing of | ||
| state. | ||
| state by transmitting a users’ data from a user agent that is within their control to an agent | ||
| outside of their control with no guarantee of de-identification of the individual user. |
There was a problem hiding this comment.
Not sure this is helpful in addressing the concern about ambiguity of processing, and I fear it introduces other ambiguities. User agents typically can't prevent all transmission of data to other actors -- making any request on the Web typically involves communicating something to another server, while using an IP address that makes it difficult to guarantee de-identification. Cross-context and same context recognition are more useful ideas than trying to explain in one sentence what data can or can't be transmitted.
Intended to address: objections concerning the clarity of the role of the user agent as an entity that collects and acts upon user data internally before any privacy processioning.
See #44 to help with understanding this issue.