From 0884c3684dbe4cf3112b20d836e6fad531f48327 Mon Sep 17 00:00:00 2001
From: Robin Berjon <robin@berjon.com>
Date: Wed, 8 May 2024 17:34:03 +0000
Subject: [PATCH] remove high level threats and reference RFC6973 instead
 (#421)

SHA: fde250a0ad0bcaae9e2e9577dc094e803cff3c20
Reason: push, by darobin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 index.html | 189 ++++++++---------------------------------------------
 1 file changed, 27 insertions(+), 162 deletions(-)

diff --git a/index.html b/index.html
index 6372b8b..72a646b 100644
--- a/index.html
+++ b/index.html
@@ -883,7 +883,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
   </p><p>
                       This document is governed by the
                       <a id="w3c_process_revision" href="https://www.w3.org/2023/Process-20231103/">03 November 2023 <abbr title="World Wide Web Consortium">W3C</abbr> Process Document</a>.
-                    </p></section><nav id="toc"><h2 class="introductory" id="table-of-contents">Table of Contents</h2><ol class="toc"><li class="tocline"><a class="tocxref" href="#abstract">Abstract</a></li><li class="tocline"><a class="tocxref" href="#sotd">Status of This Document</a></li><li class="tocline"><a class="tocxref" href="#how-this-document-fits-in">How This Document Fits In</a></li><li class="tocline"><a class="tocxref" href="#audience">Audiences for this Document</a></li><li class="tocline"><a class="tocxref" href="#intro"><bdi class="secno">1. </bdi>An Introduction to Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#autonomy"><bdi class="secno">1.1 </bdi>Individual Autonomy</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#opt-in-out"><bdi class="secno">1.1.1 </bdi>Opt-in, Consent, Opt-out, Global Controls</a></li><li class="tocline"><a class="tocxref" href="#privacy-labour"><bdi class="secno">1.1.2 </bdi>Privacy Labour</a></li></ol></li><li class="tocline"><a class="tocxref" href="#vulnerability"><bdi class="secno">1.2 </bdi>Vulnerability</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#guardians"><bdi class="secno">1.2.1 </bdi>Guardians</a></li></ol></li><li class="tocline"><a class="tocxref" href="#collective"><bdi class="secno">1.3 </bdi>Collective Governance</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#group-privacy"><bdi class="secno">1.3.1 </bdi>Group Privacy</a></li><li class="tocline"><a class="tocxref" href="#transparency-for-research"><bdi class="secno">1.3.2 </bdi>Transparency and Research</a></li></ol></li><li class="tocline"><a class="tocxref" href="#user-agents"><bdi class="secno">1.4 </bdi>User Agents</a></li><li class="tocline"><a class="tocxref" href="#balancing"><bdi class="secno">1.5 </bdi>Incorporating Different Privacy Principles</a></li></ol></li><li class="tocline"><a class="tocxref" href="#principles-for-privacy-on-the-web"><bdi class="secno">2. </bdi>Principles for Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#identity"><bdi class="secno">2.1 </bdi>Identity on the Web</a></li><li class="tocline"><a class="tocxref" href="#data-minimization"><bdi class="secno">2.2 </bdi>Data Minimization</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#ancillary-uses"><bdi class="secno">2.2.1 </bdi>Ancillary uses</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#designing-ancillary-apis-with-new-information"><bdi class="secno">2.2.1.1 </bdi>Designing ancillary APIs that provide new information</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#information"><bdi class="secno">2.3 </bdi>Information access</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#unavoidable-information-exposure"><bdi class="secno">2.3.1 </bdi>Unavoidable information exposure</a></li></ol></li><li class="tocline"><a class="tocxref" href="#hl-sensitive-information"><bdi class="secno">2.4 </bdi>Sensitive Information</a></li><li class="tocline"><a class="tocxref" href="#data-rights"><bdi class="secno">2.5 </bdi>Data Rights</a></li><li class="tocline"><a class="tocxref" href="#deidentified-data"><bdi class="secno">2.6 </bdi>De-identified Data</a></li><li class="tocline"><a class="tocxref" href="#collective-privacy"><bdi class="secno">2.7 </bdi>Collective Privacy</a></li><li class="tocline"><a class="tocxref" href="#device-administrators"><bdi class="secno">2.8 </bdi>Device Owners and Administrators</a></li><li class="tocline"><a class="tocxref" href="#protecting-web-users-from-abusive-behaviour"><bdi class="secno">2.9 </bdi>Protecting web users from abusive behaviour</a></li><li class="tocline"><a class="tocxref" href="#purpose-limitation"><bdi class="secno">2.10 </bdi>Purpose limitation</a></li><li class="tocline"><a class="tocxref" href="#transparency"><bdi class="secno">2.11 </bdi>Transparency</a></li><li class="tocline"><a class="tocxref" href="#consent-principles"><bdi class="secno">2.12 </bdi>Consent, Withdrawal of Consent, Opt-Outs, and Objections</a></li><li class="tocline"><a class="tocxref" href="#interruptions"><bdi class="secno">2.13 </bdi>Notifications and Interruptions</a></li><li class="tocline"><a class="tocxref" href="#non-retaliation"><bdi class="secno">2.14 </bdi>Non-Retaliation</a></li><li class="tocline"><a class="tocxref" href="#support-choosing-info"><bdi class="secno">2.15 </bdi>Support Choosing Which Information to Present</a></li></ol></li><li class="tocline"><a class="tocxref" href="#boring-terminology"><bdi class="secno">A. </bdi>Common Concepts</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#people"><bdi class="secno">A.1 </bdi>People</a></li><li class="tocline"><a class="tocxref" href="#context"><bdi class="secno">A.2 </bdi>Contexts</a></li><li class="tocline"><a class="tocxref" href="#parties"><bdi class="secno">A.3 </bdi>Server-Side Actors</a></li><li class="tocline"><a class="tocxref" href="#acting-on-data"><bdi class="secno">A.4 </bdi>Acting on Data</a></li><li class="tocline"><a class="tocxref" href="#recognition"><bdi class="secno">A.5 </bdi>Recognition</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#recognition-types"><bdi class="secno">A.5.1 </bdi>Recognition Types</a></li><li class="tocline"><a class="tocxref" href="#user-agent-recognition"><bdi class="secno">A.5.2 </bdi>User agent awareness of recognition</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#threats"><bdi class="secno">B. </bdi>High-Level Threats</a></li><li class="tocline"><a class="tocxref" href="#bp-summary"><bdi class="secno">C. </bdi>Principles Summary</a></li><li class="tocline"><a class="tocxref" href="#conformance"><bdi class="secno">D. </bdi>Conformance</a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><bdi class="secno">E. </bdi>Acknowledgements</a></li><li class="tocline"><a class="tocxref" href="#issue-summary"><bdi class="secno">F. </bdi>Issue summary</a></li><li class="tocline"><a class="tocxref" href="#references"><bdi class="secno">G. </bdi>References</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#informative-references"><bdi class="secno">G.1 </bdi>Informative references</a></li></ol></li></ol></nav>
+                    </p></section><nav id="toc"><h2 class="introductory" id="table-of-contents">Table of Contents</h2><ol class="toc"><li class="tocline"><a class="tocxref" href="#abstract">Abstract</a></li><li class="tocline"><a class="tocxref" href="#sotd">Status of This Document</a></li><li class="tocline"><a class="tocxref" href="#how-this-document-fits-in">How This Document Fits In</a></li><li class="tocline"><a class="tocxref" href="#audience">Audiences for this Document</a></li><li class="tocline"><a class="tocxref" href="#intro"><bdi class="secno">1. </bdi>An Introduction to Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#autonomy"><bdi class="secno">1.1 </bdi>Individual Autonomy</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#opt-in-out"><bdi class="secno">1.1.1 </bdi>Opt-in, Consent, Opt-out, Global Controls</a></li><li class="tocline"><a class="tocxref" href="#privacy-labour"><bdi class="secno">1.1.2 </bdi>Privacy Labour</a></li></ol></li><li class="tocline"><a class="tocxref" href="#vulnerability"><bdi class="secno">1.2 </bdi>Vulnerability</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#guardians"><bdi class="secno">1.2.1 </bdi>Guardians</a></li></ol></li><li class="tocline"><a class="tocxref" href="#collective"><bdi class="secno">1.3 </bdi>Collective Governance</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#group-privacy"><bdi class="secno">1.3.1 </bdi>Group Privacy</a></li><li class="tocline"><a class="tocxref" href="#transparency-for-research"><bdi class="secno">1.3.2 </bdi>Transparency and Research</a></li></ol></li><li class="tocline"><a class="tocxref" href="#user-agents"><bdi class="secno">1.4 </bdi>User Agents</a></li><li class="tocline"><a class="tocxref" href="#balancing"><bdi class="secno">1.5 </bdi>Incorporating Different Privacy Principles</a></li></ol></li><li class="tocline"><a class="tocxref" href="#principles-for-privacy-on-the-web"><bdi class="secno">2. </bdi>Principles for Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#identity"><bdi class="secno">2.1 </bdi>Identity on the Web</a></li><li class="tocline"><a class="tocxref" href="#data-minimization"><bdi class="secno">2.2 </bdi>Data Minimization</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#ancillary-uses"><bdi class="secno">2.2.1 </bdi>Ancillary uses</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#designing-ancillary-apis-with-new-information"><bdi class="secno">2.2.1.1 </bdi>Designing ancillary APIs that provide new information</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#information"><bdi class="secno">2.3 </bdi>Information access</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#unavoidable-information-exposure"><bdi class="secno">2.3.1 </bdi>Unavoidable information exposure</a></li></ol></li><li class="tocline"><a class="tocxref" href="#hl-sensitive-information"><bdi class="secno">2.4 </bdi>Sensitive Information</a></li><li class="tocline"><a class="tocxref" href="#data-rights"><bdi class="secno">2.5 </bdi>Data Rights</a></li><li class="tocline"><a class="tocxref" href="#deidentified-data"><bdi class="secno">2.6 </bdi>De-identified Data</a></li><li class="tocline"><a class="tocxref" href="#collective-privacy"><bdi class="secno">2.7 </bdi>Collective Privacy</a></li><li class="tocline"><a class="tocxref" href="#device-administrators"><bdi class="secno">2.8 </bdi>Device Owners and Administrators</a></li><li class="tocline"><a class="tocxref" href="#protecting-web-users-from-abusive-behaviour"><bdi class="secno">2.9 </bdi>Protecting web users from abusive behaviour</a></li><li class="tocline"><a class="tocxref" href="#purpose-limitation"><bdi class="secno">2.10 </bdi>Purpose limitation</a></li><li class="tocline"><a class="tocxref" href="#transparency"><bdi class="secno">2.11 </bdi>Transparency</a></li><li class="tocline"><a class="tocxref" href="#consent-principles"><bdi class="secno">2.12 </bdi>Consent, Withdrawal of Consent, Opt-Outs, and Objections</a></li><li class="tocline"><a class="tocxref" href="#interruptions"><bdi class="secno">2.13 </bdi>Notifications and Interruptions</a></li><li class="tocline"><a class="tocxref" href="#non-retaliation"><bdi class="secno">2.14 </bdi>Non-Retaliation</a></li><li class="tocline"><a class="tocxref" href="#support-choosing-info"><bdi class="secno">2.15 </bdi>Support Choosing Which Information to Present</a></li></ol></li><li class="tocline"><a class="tocxref" href="#boring-terminology"><bdi class="secno">A. </bdi>Common Concepts</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#people"><bdi class="secno">A.1 </bdi>People</a></li><li class="tocline"><a class="tocxref" href="#context"><bdi class="secno">A.2 </bdi>Contexts</a></li><li class="tocline"><a class="tocxref" href="#parties"><bdi class="secno">A.3 </bdi>Server-Side Actors</a></li><li class="tocline"><a class="tocxref" href="#acting-on-data"><bdi class="secno">A.4 </bdi>Acting on Data</a></li><li class="tocline"><a class="tocxref" href="#recognition"><bdi class="secno">A.5 </bdi>Recognition</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#recognition-types"><bdi class="secno">A.5.1 </bdi>Recognition Types</a></li><li class="tocline"><a class="tocxref" href="#user-agent-recognition"><bdi class="secno">A.5.2 </bdi>User agent awareness of recognition</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#bp-summary"><bdi class="secno">B. </bdi>Principles Summary</a></li><li class="tocline"><a class="tocxref" href="#conformance"><bdi class="secno">C. </bdi>Conformance</a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</a></li><li class="tocline"><a class="tocxref" href="#issue-summary"><bdi class="secno">E. </bdi>Issue summary</a></li><li class="tocline"><a class="tocxref" href="#references"><bdi class="secno">F. </bdi>References</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#informative-references"><bdi class="secno">F.1 </bdi>Informative references</a></li></ol></li></ol></nav>
 
 <section class="introductory" id="how-this-document-fits-in"><div class="header-wrapper"><h2 id="how-this-document-fits-in-0">How This Document Fits In</h2><a class="self-link" href="#how-this-document-fits-in" aria-label="Permalink for this Section"></a></div>
 
@@ -990,13 +990,13 @@ <h1 id="title" class="title">Privacy Principles</h1>
 which may include: Internet service providers; other network operators; local institutions providing
 a network connection including schools, libraries, or universities; government intelligence services;
 malicious hackers who have gained access to the network or the systems of any of the other actors.
-High-level threats including <a data-link-type="dfn|abstract-op" href="#dfn-surveillance" class="internalDFN" id="ref-for-dfn-surveillance-1">surveillance</a> may be pursued by these actors. Pervasive monitoring,
+High-level threats including surveillance may be pursued by these actors ([<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>]). Pervasive monitoring,
 a form of large-scale, indiscriminate surveillance, is a known attack on the privacy of users of the
 internet and the web [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc7258" title="Pervasive Monitoring Is an Attack">RFC7258</a></cite>].</p>
 <p>Information flows may also involve other people — for example, other users of a site —
 which could include friends, family members, teachers, strangers, or government officials. Some
-threats to privacy, including both <a data-link-type="dfn|abstract-op" href="#dfn-disclosure" class="internalDFN" id="ref-for-dfn-disclosure-1">disclosure</a> and harassment, may be particular to the other
-people involved in the information flow.</p>
+threats to privacy, including both disclosure and harassment, may be particular to the other
+people involved in the information flow ([<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>]).</p>
 <section id="individual-autonomy"><div class="header-wrapper"><h3 id="autonomy"><bdi class="secno">1.1 </bdi>Individual Autonomy</h3><a class="self-link" href="#autonomy" aria-label="Permalink for Section 1.1"></a></div><p>A <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-7">person</a>'s <dfn data-lt="autonomous|autonomy" id="dfn-autonomous" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">autonomy</dfn> is their ability to make decisions of their own personal will,
 without undue influence from other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-8">actors</a>. People have limited intellectual resources and
 time with which to weigh decisions, and they have to rely on shortcuts when making decisions. This makes it possible
@@ -1369,7 +1369,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 trick other people into thinking a belief has more support than it really has. This
 violates the other people's rights to be free from manipulation.</p>
 <p>On the other hand, identifying everyone with enough detail to detect these cases tends to
-violate their rights to be free from <a data-link-type="dfn|abstract-op" href="#dfn-surveillance" class="internalDFN" id="ref-for-dfn-surveillance-2">surveillance</a> and <a data-link-type="dfn|abstract-op" href="#dfn-correlation" class="internalDFN" id="ref-for-dfn-correlation-1">correlation</a>.</p>
+violate their rights to be free from surveillance and correlation. ([<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>])</p>
 </aside>
 
 <aside class="example" id="example-children"><div class="marker">
@@ -2019,7 +2019,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 
 <div class="practice principle" data-audiences="websites user-agents"><a class="marker self-link" href="#no-secondary-use"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="no-secondary-use">
     <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-35">Actors</a> should not use personal data for purposes other than those specified. (Other uses are often called
-    <a data-link-type="dfn|abstract-op" href="#dfn-secondary-use" class="internalDFN" id="ref-for-dfn-secondary-use-1">secondary uses</a>.)
+    secondary uses [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>].)
   </span>
   
 <div class="audience-label"><span class="audience-websites">websites</span><span class="audience-user-agents">user agents</span></div></div>
@@ -2427,79 +2427,12 @@ <h1 id="title" class="title">Privacy Principles</h1>
 user logged into the site via an API like <cite><a data-matched-text="[[[credential-management-1]]]" href="https://www.w3.org/TR/credential-management-1/">Credential Management Level 1</a></cite>).</p>
 </section></section></section>
 
-<section class="appendix" id="high-level-threats"><div class="header-wrapper"><h2 id="threats"><bdi class="secno">B. </bdi>High-Level Threats</h2><a class="self-link" href="#threats" aria-label="Permalink for Appendix B."></a></div>
-
-<p>User agents should attempt to defend the people using them from a variety of high-level
-threats or attacker goals, described in this section.</p>
-<p>These threats are an extension of the ones discussed by [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>].</p>
-<dl>
-<dt><dfn id="dfn-correlation" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Correlation</dfn>
-
-</dt><dd> Correlation is the combination of various pieces of information related to an
-    individual or that obtain that characteristic when combined. See
-    <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.2.1">RFC6973§5.2.1</a>.
-
-</dd><dt>Data Compromise
-
-</dt><dd> End systems that do not take adequate measures to secure data from
-    unauthorized or inappropriate access. See <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.1.2">RFC6973§5.1.2</a>.
-
-</dd><dt><dfn id="dfn-disclosure" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Disclosure</dfn>
-
-</dt><dd>Disclosure is the revelation of information about an individual that affects
-    the way others judge the individual. See <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.2.4">RFC6973§5.2.4</a>.
-
-</dd><dt>Exclusion
-
-</dt><dd>Exclusion is the failure to allow individuals to know about the data that
-    others have about them and to participate in its handling and use. See
-    <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.2.5">RFC6973§5.2.5</a>.
-
-</dd><dt>Identification
-
-</dt><dd>Identification is the linking of information to a particular individual, even if the information
-isn't linked to that individual's real-world identity (e.g. their legal name, address, government ID
-number, etc.). Identifying someone allows a system to treat them differently from others, which can
-be <a data-link-type="dfn|abstract-op" href="#dfn-inappropriately" class="internalDFN" id="ref-for-dfn-inappropriately-7">inappropriate</a> depending on the <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-36">context</a>. See
-<a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.2.2">RFC6973§5.2.2</a>.
-
-</dd><dt><dfn id="dfn-intrusion" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Intrusion</dfn>
-
-</dt><dd> <a data-link-type="dfn|abstract-op" href="#dfn-intrusion" class="internalDFN" id="ref-for-dfn-intrusion-1">Intrusion</a> consists of invasive acts that disturb or interrupt one’s life or
-    activities. See <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.1.3">RFC6973§5.1.3</a>.
-
-</dd><dt>Misattribution
-
-</dt><dd> Misattribution occurs when data or communications related to one individual
-    are attributed to another. See <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.1.4">RFC6973§5.1.4</a>.
-
-</dd><dt>Profiling</dt>
-
-<dd>The inference, evaluation, or prediction of an individual's attributes, interests, or
-behaviours.</dd>
-
-<dt><dfn data-plurals="secondary uses" id="dfn-secondary-use" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Secondary Use</dfn>
-
-</dt><dd> Secondary use is the use of collected information about an individual without
-    the individual’s consent for a purpose different from that for which the
-    information was collected. See <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.2.3">RFC6973§5.2.3</a>.
-
-</dd><dt><dfn id="dfn-surveillance" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Surveillance</dfn>
-
-</dt><dd> Surveillance is the observation or monitoring of an individual’s
-communications or activities. See <a href="https://www.rfc-editor.org/rfc/rfc6973#section-5.1.1">RFC6973§5.1.1</a>.
-</dd></dl>
-
-<p>These threats combine into the particular concrete threats we want web
-specifications to defend against, described in the sections that follow.</p>
-</section>
-
-<section class="appendix" id="bp-summary"><div class="header-wrapper"><h2 id="c-best-practices-summary"><bdi class="secno">C. </bdi>Principles Summary</h2><a class="self-link" href="#bp-summary" aria-label="Permalink for Appendix C."></a></div><ul><li><a class="marker self-link" href="#principle-pareto-frontier"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">When confronted with an
+<section class="appendix" id="bp-summary"><div class="header-wrapper"><h2 id="b-best-practices-summary"><bdi class="secno">B. </bdi>Principles Summary</h2><a class="self-link" href="#bp-summary" aria-label="Permalink for Appendix B."></a></div><ul><li><a class="marker self-link" href="#principle-pareto-frontier"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">When confronted with an
 apparent tradeoff, first look for ways to improve all principles at once.</span><span class="audience-label"><span class="audience-websites">websites</span><span class="audience-user-agents">user agents</span><span class="audience-api-designers">API designers</span></span></li><li><a class="marker self-link" href="#principle-limited-collection-for-safety"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">If a service
 needs to collect extra data from its users in order to protect those or other users, it
 must take extra technical and legal measures to ensure that this data can't be then used
 for other purposes, like to grow the service.</span><span class="audience-label"><span class="audience-websites">websites</span><span class="audience-user-agents">user agents</span></span></li><li><a class="marker self-link" href="#principle-identity-per-context"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">A <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agent</a>
-should help its user present the <a data-link-type="dfn|abstract-op" href="#dfn-identity" class="internalDFN" id="ref-for-dfn-identity-10">identity</a> they want in each <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-37">context</a>
+should help its user present the <a data-link-type="dfn|abstract-op" href="#dfn-identity" class="internalDFN" id="ref-for-dfn-identity-10">identity</a> they want in each <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-36">context</a>
 they are in, and should prevent or support <a data-link-type="dfn|abstract-op" href="#dfn-recognize" class="internalDFN" id="ref-for-dfn-recognize-21">recognition</a> as appropriate.
 </span><span class="audience-label"><span class="audience-user-agents">user agents</span></span></li><li><a class="marker self-link" href="#bp-sites-user-agents-and-other-actors-should-restrict-the-data-they-transfer-to-what-s-either-necessary-to-achieve-their-users-goals-or-aligns-with-their-users-wishes-and-interests"><bdi lang="en">Principle</bdi></a>: <span class="practicelab"><a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">Sites</a>, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>, and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-68">actors</a>
 should restrict the <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-56">data</a> they transfer to what's either necessary to achieve their users'
@@ -2518,7 +2451,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     There is broad consensus that some categories of information such as credit card numbers
     or precise geolocation are sensitive, but system designers should not assume that other 
     categories of information are therefore <em>not</em> sensitive. Whether information is 
-    considered sensitive can vary depending on a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-139">person</a>'s circumstances and the <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-38">context</a> 
+    considered sensitive can vary depending on a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-139">person</a>'s circumstances and the <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-37">context</a> 
     of an interaction, and it can change over time.
   </span><span class="audience-label"><span class="audience-websites">websites</span><span class="audience-user-agents">user agents</span><span class="audience-api-designers">API designers</span></span></li><li><a class="marker self-link" href="#respect-data-rights"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
     <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-140">People</a> have certain rights over <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-59">data</a> that is about themselves, and these rights should
@@ -2548,7 +2481,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     for which the data will be used.
   </span><span class="audience-label"><span class="audience-websites">websites</span><span class="audience-user-agents">user agents</span></span></li><li><a class="marker self-link" href="#no-secondary-use"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
     <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-71">Actors</a> should not use personal data for purposes other than those specified. (Other uses are often called
-    <a data-link-type="dfn|abstract-op" href="#dfn-secondary-use" class="internalDFN" id="ref-for-dfn-secondary-use-2">secondary uses</a>.)
+    secondary uses [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc6973" title="Privacy Considerations for Internet Protocols">RFC6973</a></cite>].)
   </span><span class="audience-label"><span class="audience-websites">websites</span><span class="audience-user-agents">user agents</span></span></li><li><a class="marker self-link" href="#transparency-when-requested"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
     When accessing data or requesting permission, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> (and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-72">actors</a>) should provide
     <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-141">people</a> with relevant explanatory information about the use of data, and <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>
@@ -2586,7 +2519,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     promise on the user's behalf about the user or their environment.
   </span><span class="audience-label"><span class="audience-api-designers">API designers</span></span></li></ul></section>
 
-<section class="appendix" id="conformance"><div class="header-wrapper"><h2 id="d-conformance"><bdi class="secno">D. </bdi>Conformance</h2><a class="self-link" href="#conformance" aria-label="Permalink for Appendix D."></a></div>
+<section class="appendix" id="conformance"><div class="header-wrapper"><h2 id="c-conformance"><bdi class="secno">C. </bdi>Conformance</h2><a class="self-link" href="#conformance" aria-label="Permalink for Appendix C."></a></div>
 
 
 <p>This document does not adhere to strict [<cite><a class="bibref" data-link-type="biblio" href="#bib-rfc2119" title="Key words for use in RFCs to Indicate Requirement Levels">RFC2119</a></cite>] terminology because it is primarily of
@@ -2598,7 +2531,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 </section>
 
 
-<section class="appendix" id="acknowledgements-0"><div class="header-wrapper"><h2 id="acknowledgements"><bdi class="secno">E. </bdi>Acknowledgements</h2><a class="self-link" href="#acknowledgements" aria-label="Permalink for Appendix E."></a></div>
+<section class="appendix" id="acknowledgements-0"><div class="header-wrapper"><h2 id="acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</h2><a class="self-link" href="#acknowledgements" aria-label="Permalink for Appendix D."></a></div>
 
 <p>Some of the definitions in this document build on top of the work in
 <cite><a data-matched-text="[[[tracking-dnt]]]" href="https://www.w3.org/TR/tracking-dnt/">Tracking Preference Expression (DNT)</a></cite>.</p>
@@ -2625,7 +2558,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 Wendy Seltzer.</p>
 </section>
 
-<section class="appendix" id="issue-summary"><div class="header-wrapper"><h2 id="f-issue-summary"><bdi class="secno">F. </bdi>Issue summary</h2><a class="self-link" href="#issue-summary" aria-label="Permalink for Appendix F."></a></div><p>There are no issues listed in this specification.</p></section><section id="references" class="appendix"><div class="header-wrapper"><h2 id="g-references"><bdi class="secno">G. </bdi>References</h2><a class="self-link" href="#references" aria-label="Permalink for Appendix G."></a></div><section id="informative-references"><div class="header-wrapper"><h3 id="g-1-informative-references"><bdi class="secno">G.1 </bdi>Informative references</h3><a class="self-link" href="#informative-references" aria-label="Permalink for Appendix G.1"></a></div>
+<section class="appendix" id="issue-summary"><div class="header-wrapper"><h2 id="e-issue-summary"><bdi class="secno">E. </bdi>Issue summary</h2><a class="self-link" href="#issue-summary" aria-label="Permalink for Appendix E."></a></div><p>There are no issues listed in this specification.</p></section><section id="references" class="appendix"><div class="header-wrapper"><h2 id="f-references"><bdi class="secno">F. </bdi>References</h2><a class="self-link" href="#references" aria-label="Permalink for Appendix F."></a></div><section id="informative-references"><div class="header-wrapper"><h3 id="f-1-informative-references"><bdi class="secno">F.1 </bdi>Informative references</h3><a class="self-link" href="#informative-references" aria-label="Permalink for Appendix F.1"></a></div>
     
     <dl class="bibliography"><dt id="bib-adding-permissions">[ADDING-PERMISSIONS]</dt><dd>
       <a href="https://github.com/w3cping/adding-permissions"><cite>Adding another permission? A guide</cite></a>. Nick Doty. 2018. URL: <a href="https://github.com/w3cping/adding-permissions">https://github.com/w3cping/adding-permissions</a>
@@ -2869,7 +2802,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-opt-in-13" title="§ A.1 People">§ A.1 People</a> 
     </li><li>
-      <a href="#ref-for-dfn-opt-in-14" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
+      <a href="#ref-for-dfn-opt-in-14" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-opt-out" aria-label="Links in this document to definition: opt-out">
@@ -3053,7 +2986,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-identity-9" title="§ A.5.1 Recognition Types">§ A.5.1 Recognition Types</a> 
     </li><li>
-      <a href="#ref-for-dfn-identity-10" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
+      <a href="#ref-for-dfn-identity-10" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-ancillary-use" aria-label="Links in this document to definition: ancillary uses">
@@ -3093,7 +3026,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     <li>
       <a href="#ref-for-dfn-ancillary-apis-computed-from-existing-information-1" title="§ 2.2.1 Ancillary uses">§ 2.2.1 Ancillary uses</a> <a href="#ref-for-dfn-ancillary-apis-computed-from-existing-information-2" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-ancillary-apis-computed-from-existing-information-3" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
+      <a href="#ref-for-dfn-ancillary-apis-computed-from-existing-information-3" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-ancillary-apis-that-provide-new-information" aria-label="Links in this document to definition: Ancillary APIs that provide new information">
@@ -3109,7 +3042,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-2" title="§ 2.2.1.1 Designing ancillary APIs that provide new information">§ 2.2.1.1 Designing ancillary APIs that provide new information</a> <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-4" title="Reference 3">(3)</a> 
     </li><li>
-      <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-5" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-6" title="Reference 2">(2)</a> <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-7" title="Reference 3">(3)</a> 
+      <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-5" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-6" title="Reference 2">(2)</a> <a href="#ref-for-dfn-ancillary-apis-that-provide-new-information-7" title="Reference 3">(3)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-access-guard" aria-label="Links in this document to definition: guard access">
@@ -3201,7 +3134,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-de-identify-4" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> 
     </li><li>
-      <a href="#ref-for-dfn-de-identify-5" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
+      <a href="#ref-for-dfn-de-identify-5" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-controlled-de-identified-data" aria-label="Links in this document to definition: controlled de-identified data">
@@ -3229,7 +3162,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     <li>
       <a href="#ref-for-dfn-administrator-1" title="§ 2.8 Device Owners and Administrators">§ 2.8 Device Owners and Administrators</a> <a href="#ref-for-dfn-administrator-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-administrator-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-administrator-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-administrator-5" title="Reference 5">(5)</a> <a href="#ref-for-dfn-administrator-6" title="Reference 6">(6)</a> <a href="#ref-for-dfn-administrator-7" title="Reference 7">(7)</a> <a href="#ref-for-dfn-administrator-8" title="Reference 8">(8)</a> <a href="#ref-for-dfn-administrator-9" title="Reference 9">(9)</a> 
     </li><li>
-      <a href="#ref-for-dfn-administrator-10" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
+      <a href="#ref-for-dfn-administrator-10" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-device-owner" aria-label="Links in this document to definition: owner">
@@ -3257,7 +3190,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-abuse-2" title="§ 2.9 Protecting web users from abusive behaviour">§ 2.9 Protecting web users from abusive behaviour</a> <a href="#ref-for-dfn-abuse-3" title="Reference 2">(2)</a> <a href="#ref-for-dfn-abuse-4" title="Reference 3">(3)</a> <a href="#ref-for-dfn-abuse-5" title="Reference 4">(4)</a> <a href="#ref-for-dfn-abuse-6" title="Reference 5">(5)</a> <a href="#ref-for-dfn-abuse-7" title="Reference 6">(6)</a> 
     </li><li>
-      <a href="#ref-for-dfn-abuse-8" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-abuse-9" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-abuse-8" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-abuse-9" title="Reference 2">(2)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-harassment" aria-label="Links in this document to definition: harassment">
@@ -3345,7 +3278,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-individual-137" title="§ A.5.1 Recognition Types">§ A.5.1 Recognition Types</a> <a href="#ref-for-dfn-individual-138" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-individual-139" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-individual-140" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-141" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-142" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-143" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-144" title="Reference 6">(6)</a> <a href="#ref-for-dfn-individual-145" title="Reference 7">(7)</a> <a href="#ref-for-dfn-individual-146" title="Reference 8">(8)</a> <a href="#ref-for-dfn-individual-147" title="Reference 9">(9)</a> <a href="#ref-for-dfn-individual-148" title="Reference 10">(10)</a> <a href="#ref-for-dfn-individual-149" title="Reference 11">(11)</a> 
+      <a href="#ref-for-dfn-individual-139" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-individual-140" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-141" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-142" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-143" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-144" title="Reference 6">(6)</a> <a href="#ref-for-dfn-individual-145" title="Reference 7">(7)</a> <a href="#ref-for-dfn-individual-146" title="Reference 8">(8)</a> <a href="#ref-for-dfn-individual-147" title="Reference 9">(9)</a> <a href="#ref-for-dfn-individual-148" title="Reference 10">(10)</a> <a href="#ref-for-dfn-individual-149" title="Reference 11">(11)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-vulnerable" aria-label="Links in this document to definition: vulnerable person">
@@ -3397,9 +3330,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-context-33" title="§ A.5.2 User agent awareness of recognition">§ A.5.2 User agent awareness of recognition</a> <a href="#ref-for-dfn-context-34" title="Reference 2">(2)</a> <a href="#ref-for-dfn-context-35" title="Reference 3">(3)</a> 
     </li><li>
-      <a href="#ref-for-dfn-context-36" title="§ B. High-Level Threats">§ B. High-Level Threats</a> 
-    </li><li>
-      <a href="#ref-for-dfn-context-37" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-context-38" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-context-36" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-context-37" title="Reference 2">(2)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-actor" aria-label="Links in this document to definition: actor">
@@ -3453,7 +3384,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-actor-57" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> <a href="#ref-for-dfn-actor-58" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-59" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-60" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-61" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-62" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-63" title="Reference 7">(7)</a> <a href="#ref-for-dfn-actor-64" title="Reference 8">(8)</a> <a href="#ref-for-dfn-actor-65" title="Reference 9">(9)</a> <a href="#ref-for-dfn-actor-66" title="Reference 10">(10)</a> <a href="#ref-for-dfn-actor-67" title="Reference 11">(11)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-68" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-actor-69" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-70" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-71" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-72" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-73" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-74" title="Reference 7">(7)</a> <a href="#ref-for-dfn-actor-75" title="Reference 8">(8)</a> <a href="#ref-for-dfn-actor-76" title="Reference 9">(9)</a> <a href="#ref-for-dfn-actor-77" title="Reference 10">(10)</a> 
+      <a href="#ref-for-dfn-actor-68" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-actor-69" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-70" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-71" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-72" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-73" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-74" title="Reference 7">(7)</a> <a href="#ref-for-dfn-actor-75" title="Reference 8">(8)</a> <a href="#ref-for-dfn-actor-76" title="Reference 9">(9)</a> <a href="#ref-for-dfn-actor-77" title="Reference 10">(10)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-first-party" aria-label="Links in this document to definition: first party">
@@ -3535,7 +3466,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-data-50" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> <a href="#ref-for-dfn-data-51" title="Reference 2">(2)</a> <a href="#ref-for-dfn-data-52" title="Reference 3">(3)</a> <a href="#ref-for-dfn-data-53" title="Reference 4">(4)</a> <a href="#ref-for-dfn-data-54" title="Reference 5">(5)</a> <a href="#ref-for-dfn-data-55" title="Reference 6">(6)</a> 
     </li><li>
-      <a href="#ref-for-dfn-data-56" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-data-57" title="Reference 2">(2)</a> <a href="#ref-for-dfn-data-58" title="Reference 3">(3)</a> <a href="#ref-for-dfn-data-59" title="Reference 4">(4)</a> <a href="#ref-for-dfn-data-60" title="Reference 5">(5)</a> <a href="#ref-for-dfn-data-61" title="Reference 6">(6)</a> <a href="#ref-for-dfn-data-62" title="Reference 7">(7)</a> <a href="#ref-for-dfn-data-63" title="Reference 8">(8)</a> 
+      <a href="#ref-for-dfn-data-56" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-data-57" title="Reference 2">(2)</a> <a href="#ref-for-dfn-data-58" title="Reference 3">(3)</a> <a href="#ref-for-dfn-data-59" title="Reference 4">(4)</a> <a href="#ref-for-dfn-data-60" title="Reference 5">(5)</a> <a href="#ref-for-dfn-data-61" title="Reference 6">(6)</a> <a href="#ref-for-dfn-data-62" title="Reference 7">(7)</a> <a href="#ref-for-dfn-data-63" title="Reference 8">(8)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-identifier" aria-label="Links in this document to definition: identifier">
@@ -3632,8 +3563,6 @@ <h1 id="title" class="title">Privacy Principles</h1>
       <a href="#ref-for-dfn-inappropriately-3" title="§ 1.4 User Agents">§ 1.4 User Agents</a> 
     </li><li>
       <a href="#ref-for-dfn-inappropriately-4" title="§ A.5.1 Recognition Types">§ A.5.1 Recognition Types</a> <a href="#ref-for-dfn-inappropriately-5" title="Reference 2">(2)</a> <a href="#ref-for-dfn-inappropriately-6" title="Reference 3">(3)</a> 
-    </li><li>
-      <a href="#ref-for-dfn-inappropriately-7" title="§ B. High-Level Threats">§ B. High-Level Threats</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-process" aria-label="Links in this document to definition: processes">
@@ -3671,7 +3600,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-process-32" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> <a href="#ref-for-dfn-process-33" title="Reference 2">(2)</a> <a href="#ref-for-dfn-process-34" title="Reference 3">(3)</a> <a href="#ref-for-dfn-process-35" title="Reference 4">(4)</a> <a href="#ref-for-dfn-process-36" title="Reference 5">(5)</a> 
     </li><li>
-      <a href="#ref-for-dfn-process-37" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-process-38" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-process-37" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-process-38" title="Reference 2">(2)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-share" aria-label="Links in this document to definition: shares">
@@ -3717,7 +3646,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-purpose-8" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> <a href="#ref-for-dfn-purpose-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-purpose-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-purpose-11" title="Reference 4">(4)</a> <a href="#ref-for-dfn-purpose-12" title="Reference 5">(5)</a> <a href="#ref-for-dfn-purpose-13" title="Reference 6">(6)</a> <a href="#ref-for-dfn-purpose-14" title="Reference 7">(7)</a> <a href="#ref-for-dfn-purpose-15" title="Reference 8">(8)</a> 
     </li><li>
-      <a href="#ref-for-dfn-purpose-16" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
+      <a href="#ref-for-dfn-purpose-16" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-means" aria-label="Links in this document to definition: means">
@@ -3777,7 +3706,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-recognize-20" title="§ A.5.2 User agent awareness of recognition">§ A.5.2 User agent awareness of recognition</a> 
     </li><li>
-      <a href="#ref-for-dfn-recognize-21" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-recognize-22" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-recognize-21" title="§ B. Best Practices Summary">§ B. Best Practices Summary</a> <a href="#ref-for-dfn-recognize-22" title="Reference 2">(2)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-cross-context-recognition" aria-label="Links in this document to definition: Cross-context recognition">
@@ -3837,70 +3766,6 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-partition-5" title="§ A.5.2 User agent awareness of recognition">§ A.5.2 User agent awareness of recognition</a> <a href="#ref-for-dfn-partition-6" title="Reference 2">(2)</a> <a href="#ref-for-dfn-partition-7" title="Reference 3">(3)</a> <a href="#ref-for-dfn-partition-8" title="Reference 4">(4)</a> 
     </li>
-  </ul>
-    </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-correlation" aria-label="Links in this document to definition: Correlation">
-      <span class="caret"></span>
-      <div>
-        <a class="self-link" href="#dfn-correlation" aria-label="Permalink for definition: Correlation. Activate to close this dialog.">Permalink</a>
-         
-      </div>
-      <p><b>Referenced in:</b></p>
-      <ul>
-    <li>
-      <a href="#ref-for-dfn-correlation-1" title="§ 1.5 Incorporating Different Privacy Principles">§ 1.5 Incorporating Different Privacy Principles</a> 
-    </li>
-  </ul>
-    </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-disclosure" aria-label="Links in this document to definition: Disclosure">
-      <span class="caret"></span>
-      <div>
-        <a class="self-link" href="#dfn-disclosure" aria-label="Permalink for definition: Disclosure. Activate to close this dialog.">Permalink</a>
-         
-      </div>
-      <p><b>Referenced in:</b></p>
-      <ul>
-    <li>
-      <a href="#ref-for-dfn-disclosure-1" title="§ 1. An Introduction to Privacy on the Web">§ 1. An Introduction to Privacy on the Web</a> 
-    </li>
-  </ul>
-    </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-intrusion" aria-label="Links in this document to definition: Intrusion">
-      <span class="caret"></span>
-      <div>
-        <a class="self-link" href="#dfn-intrusion" aria-label="Permalink for definition: Intrusion. Activate to close this dialog.">Permalink</a>
-         
-      </div>
-      <p><b>Referenced in:</b></p>
-      <ul>
-    <li>
-      <a href="#ref-for-dfn-intrusion-1" title="§ B. High-Level Threats">§ B. High-Level Threats</a> 
-    </li>
-  </ul>
-    </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-secondary-use" aria-label="Links in this document to definition: Secondary Use">
-      <span class="caret"></span>
-      <div>
-        <a class="self-link" href="#dfn-secondary-use" aria-label="Permalink for definition: Secondary Use. Activate to close this dialog.">Permalink</a>
-         
-      </div>
-      <p><b>Referenced in:</b></p>
-      <ul>
-    <li>
-      <a href="#ref-for-dfn-secondary-use-1" title="§ 2.10 Purpose limitation">§ 2.10 Purpose limitation</a> 
-    </li><li>
-      <a href="#ref-for-dfn-secondary-use-2" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
-    </li>
-  </ul>
-    </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-surveillance" aria-label="Links in this document to definition: Surveillance">
-      <span class="caret"></span>
-      <div>
-        <a class="self-link" href="#dfn-surveillance" aria-label="Permalink for definition: Surveillance. Activate to close this dialog.">Permalink</a>
-         
-      </div>
-      <p><b>Referenced in:</b></p>
-      <ul>
-    <li>
-      <a href="#ref-for-dfn-surveillance-1" title="§ 1. An Introduction to Privacy on the Web">§ 1. An Introduction to Privacy on the Web</a> 
-    </li><li>
-      <a href="#ref-for-dfn-surveillance-2" title="§ 1.5 Incorporating Different Privacy Principles">§ 1.5 Incorporating Different Privacy Principles</a> 
-    </li>
   </ul>
     </div><script id="respec-dfn-panel">(() => {
 // @ts-check