Privacy by Design: Client-side values – Phil proposed digitalData layer privacy object for VISITOR
digitalData = {
“visitor”: {
“returningStatus”: “new”, //new|returning visitor: trigger consent msg on new visitors
“preferenceForDnt”:window.navigator.doNotTrack,//yes |no | not-specified(DEFAULT)
“anonymizeIp”: false, // hash last 3 characters of IP address in GA. Defaulted to OFF.
“geoIpStatus”: geoplugin_status, // 403 error, 200 is look-up ok
“geoIpCountryCode”: geoplugin_countryCode, // geo-plugin JS variable
“geoIpContinentCode”: geoplugin_continentCode, // geo-plugin JS variable
“geoIpIsCookieConsentRequired”: geop1ugin_cookieConsent // JS variable
},
{// Server-side USER values on login or registration
“user”: {
“profile”: {
“authIsSignedIn”: true,
“authIsNewRegistration”: true, // trigger consent msg on first registration
“authIsUserIdToSessionIdOverrideEnabled”: false,
“profileId”: 12345
}
}
}
}
Privacy by Design: Server-response to DNT from DNT Preference Expression Spec. Value=obeyDNT | ignoresDNT | inprogressDNT | “not specified”
http://www.w3.org/TR/tracking-dnt/#status-representation
http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-representation
{
“targeting”: “yes”, // IsOnlineBehaviouralTargeting for Publishers OR onsite remarketing for Advertisers enabled?
“tracking”: “yes”, // Is AudienceMeasurementTracking enabled
“qualifiers”: “afc”, // external “A”udit + “F”raud prevention + ad-frequency “C”apping
“controller”: “http://www.clientdomain.com/privacy.html”,
“same-party”: [{
“google-analytics.com”,
“stats.g.doubleclick.net”,
“api.youtube.com”
}],
third-party”: [{
“googleadservices.com”
“ads.doubleclick.net”,
}],
“audit”: [{
“http://policy.cookiereports.com/caf4f823-en-gb.html” // e.g. w3.org/P3P/validator.html
}],
“policy”: “/privacy.html#cookies”,
“edit”:
}
Sourced from customer experience digitalData Privacy sub-group on
JavaScript objects with Privacy meta data
digitalData.privacy.mapping = [
“page” : “public”, // describes the page itself
“product” : “public”, // further describes the product associated with the page
“cart” : “identifiable”,
“transaction” : “sensitive”,
“transaction total”: “private @analytics”, // defined as private, but analytics exception
“event” : “public”,
“privacy”: “public”,//everyone should be able to see general privacy definitions & policy
“privacy mapping” : “@system”, // example does not want to expose the exact policy mapping
“user” : “identifiable”,
“user segment” : “public”
];