Prohibit Cross-domain tracking
19 Nov 2021Cross-domain tracking , multi-site tracking or tracking outside the tracker’s own domain will require user’s active acknowledgement (opt-in), notwithstanding any privacy policy posted on the website. A similar form of acknowledgement is required if collected information are passed to third party, with the list of the third parties recipients provided to the user.
The following policies have been approved by the Political Council and will be sent to the membership to be voted on:
**The pirate party considers metadata to be Personally Identifiable Information (PII) when taken in aggregate over time, even when anonymous, given it allows to build user profiles that are possible to correlate to specific people. Any usage of data and metadata can considered to be private when a first or a third party could use it to build user profiles.
For First Parties:
-Data submitted by the user passed in to a third party providing website functionality (comments, logging, backups, payments, and other similar services) must be explicitly listed as being shared with said party, with the information being easy to find, before the data can be submitted by the user.
-Personally Identifiable Information submitted by the user to a website cannot be passed to a third party for functions unrelated to website features (selling the information, analytics) without explicit user acknowledgement (opt-in), notwithstanding any privacy policy posted on the website.
For Third Parties:
-Advertising networks and third party advertisers taking part into online advertising must respect commonly-used privacy mechanisms (such as Do Not Track headers), whether or not these mechanisms were enabled by users or were a default setting of their browsing device.
-Evercookies and other similar practices aiming to circumvent the users’ ability to preserve their anonimity will be forbidden by any party without explicit user consent (opt-in).
-Third parties cannot insert themselves into a communication between one or more users in order to gather personally identifiable information without their consent.