Privacy by Design: Client-side values – Phil proposed digitalData layer privacy object for VISITOR

 

digitalData = {

“visitor”: {

“returningStatus”: “new”, //new|returning visitor: trigger consent msg on new visitors

“preferenceForDnt”:window.navigator.doNotTrack,//yes |no | not-specified(DEFAULT)

“anonymizeIp”: false, // hash last 3 characters of IP address in GA. Defaulted to OFF.

“geoIpStatus”: geoplugin_status, // 403 error, 200 is look-up ok

“geoIpCountryCode”: geoplugin_countryCode, // geo-plugin JS variable

“geoIpContinentCode”: geoplugin_continentCode, // geo-plugin JS variable

“geoIpIsCookieConsentRequired”: geop1ugin_cookieConsent // JS variable

},

{// Server-side USER values on login or registration

“user”: {

“profile”: {

“authIsSignedIn”: true,

“authIsNewRegistration”: true, // trigger consent msg on first registration

“authIsUserIdToSessionIdOverrideEnabled”: false,

“profileId”: 12345

}

}

}

}

 

Privacy by Design: Server-response to DNT from DNT Preference Expression Spec. Value=obeyDNT | ignoresDNT | inprogressDNT | “not specified”

http://www.w3.org/TR/tracking-dnt/#status-representation

http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-representation

{

“targeting”: “yes”, // IsOnlineBehaviouralTargeting for Publishers OR onsite remarketing for Advertisers enabled?

“tracking”: “yes”, // Is AudienceMeasurementTracking enabled

“qualifiers”: “afc”, // external “A”udit + “F”raud prevention + ad-frequency “C”apping

“controller”: “http://www.clientdomain.com/privacy.html”,

“same-party”: [{

“google-analytics.com”,

“stats.g.doubleclick.net”,

“api.youtube.com”

}],

third-party”: [{

“googleadservices.com”

“ads.doubleclick.net”,

}],

“audit”: [{

“http://policy.cookiereports.com/caf4f823-en-gb.html” // e.g. w3.org/P3P/validator.html

}],

“policy”: “/privacy.html#cookies”,

“edit”:

}

 

Sourced from customer experience digitalData Privacy sub-group on

JavaScript objects with Privacy meta data

 

digitalData.privacy.mapping = [

“page”           : “public”, // describes the page itself

“product”        : “public”, // further describes the product associated with the page

“cart”           : “identifiable”,

“transaction”    : “sensitive”,

“transaction total”: “private @analytics”, // defined as private, but analytics exception

“event”          : “public”,

“privacy”: “public”,//everyone should be able to see general privacy definitions & policy

“privacy mapping”      : “@system”, // example does not want to expose the exact policy mapping

“user”           : “identifiable”,

“user segment”   : “public”

];

 

0117 3361103