User Stipulation

From MgmtWiki
Revision as of 10:10, 6 December 2018 by Tom (talk | contribs) (References)

Jump to: navigation, search

Full Title or Meme

  1. A statement from a User as to the behavior that the user expects of a Web Site.
  2. A condition, requirement, or item specified in a legal instrument[1] from, about, or with the consent of the user. (synonym: condition)


There are at least two important contexts in which a user is required to stipulate their terms of engagement:

  1. The user is operating a browser on any internet connected device.
  2. The user is operating on a portable device (e.g. a Smart Phone) with a native app installed by the Web Site that wants to collect their data.

An other option is that the user is on a computer of any sort using an application what interacts with the user's data. If the User Information does not leave the User Device there is no User Stipulation required.

There are at least two sources of User Stipulation:

  1. The user can create a statement to be send to the correspondent Web Site informing the site as to the expectations of the user. (aka intent casting e.g. Do Not Track)
  2. The Web Site can provide the user with some sort of document (terms of use, privacy policy, etc.) that the user can accept or reject.

This page does not presently include user settings on a User Device.

Whenever third party access is discussed, there are two distinct types of third party access:

  1. The third party is allowed to install javascript on the browser on the User Device which can be used to create cookies which can track the user from one site to another, most likely with an ID created for that purpose.
  2. The third party is given access to User Information from the second party (i.e. from the Web Site that the user voluntarily accessed.)


Compliance by the Web Site with the agreed terms will be hard to track.


Intent Casting

This solution covers the projection of user terms onto a correspondent Web Site.

  • An existing example is the DNT (Do Not Track) HTTP header.
  • The following example assumes a richer format for intent casting that is not yet defined.

Here are the potential terms to be cast

Name TBD Privacy Risk Notes
Site and App Use information will be used for providing and / or enhancing the site or service only. This information seems better a part of the following fields.
1st party yes 2 data on the user device that does not leave the user device, for example apps that access the local data. This cast is to access limited (in theory) to the device itself.
2nd party yes 3 The Web Site that the user navigated to and understand through some secure indication of the site identity.
3rd party yes 9 Some other site that is able to access the User Device or User Information which was not the user's intent to access.
tracking not clear that this can give more information that 1,2,3 above.
session yes 5 data may not persist beyond completion (may be long for commercial transaction)
duration yes shorter better how long can the data be held (default one year)
data category yes na list of permitted categories (optional)


  1. Merriam Webster, 3rd International Dictionary