RE: Nice airport respects DNT (thank you) from Mike O'Neill on 2015-11-06 (public-privacy@w3.org from October to December 2015)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Fri, 6 Nov 2015 15:23:56 -0000
To: <v.toubiana@free.fr>
Cc: <singer@apple.com>, "'public-privacy $W3C mailing list$'" <public-privacy@w3.org>
Message-ID: <0cb401d118a7$27be19f0$773a4dd0$@baycloud.com>

Hi Vincent, that’s great, and it reminds me to mention a possible void in the TPE.

Currently there is no standardised way for privacy enabling script, such as yours here,  to signal compliance because it cannot create a TSR or insert a Tk: header.

There is a standard way for this to happen by allowing the dynamic insertion (via script) of an http-equiv meta tag. CSP2 allows this for Content Security Policy headers, so it would be nice if we created that possibility. Is it time to talk about a TPE addendum? I have a few other ideas informed from experience also.

Mike


-----Original Message-----
From: v.toubiana@free.fr [mailto:v.toubiana@free.fr] 
Sent: 06 November 2015 13:39
To: Mike O'Neill <michael.oneill@baycloud.com>
Cc: singer@apple.com; public-privacy (W3C mailing list) <public-privacy@w3.org>
Subject: Re: Nice airport respects DNT (thank you)

Hi

I think I can help here cause I wrote part of the script they use.

Nice's airport uses the script CNIL published to help websites using "Google Analytics" to get consent before setting cookies. When it gets a DNT:1 header, the script considers that the user opposes to cookies and therefore blocks Google Analytics (similarly if it gets DNT:0 it considers that the user opted-in).

Since this script is meant to be used by website using only GA, the result is that the website stops tracking user who set DNT. Nevertheless, this has no effect on the other cookies and Nice Airport should obtain consent before setting the other cookies.

The purpose of the popup was to explain why there is no consent banner, maybe I should clarify the language (do not hesitate to provide suggestions).

The script is available on GitHub (https://github.com/CNILlab/Cookie-consent_Google-Analytics/blob/master/Tag_google_analytics.js) 
and on CNIL's website(http://www.cnil.fr/vos-obligations/sites-web-cookies-et-autres-traceurs/outils-et-codes-sources/la-mesure-daudience/)

The airport website uses a modified version.

Vincent

----- Mail original -----
De: "Mike O'Neill" <michael.oneill@baycloud.com>
À: singer@apple.com, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Envoyé: Vendredi 6 Novembre 2015 08:10:06
Objet: RE: Nice airport respects DNT (thank you)




Well, there is no Tk header or TSR, their third-parties still place persistent (2yr) cookies), and they put the same box up whether it is DNT:0 or DNT:1, but I guess it’s the thought that counts. 









From: singer@apple.com [mailto:singer@apple.com] 
Sent: 05 November 2015 20:08 
To: public-privacy (W3C mailing list) <public-privacy@w3.org> 
Subject: Nice airport respects DNT (thank you) 



…or at least, this popped up when I visited the site: 














David Singer 
Manager, Software Standards, Apple Inc.

Received on Friday, 6 November 2015 15:25:16 UTC