RE: Mapping DNT to GDPR

Hi Peter,

 

Thanks for mentioning Bouncer, but I take issue with some of this.

 

The point of DNT is that there is a common understanding between sites and browsers of what signal indicates user consent. The browser communicates to every server (for sites as well as third-parties) a specific-to-them indication, i.e. if they do not receive DNT:0 the user has not given their consent to that domain (there is an out-of-band indication mechanism also, but this is only useful while browsers have not implemented the API).

 

This means the user can give or revoke their consent in their browser, and the site can equally do that also (registering it in the browser via the UGE API).

 

Similarly servers have a protocol for communicating their identity and, if they want to track, why. They can explain what their purposes for tracking are, and the browser can record that when consent is given, so the user can be reminded of it - perhaps to revoke it later. This means that, when browsers have fully implemented the protocol, sites will not have to assemble a table of all the subresources that may appear on the site, the browser (or extensions) can do that for them. Third-party servers that do not support DNT will be instantly recognisable, and there will be no need to block those, or their cookies, that fully respect a user’s preference.

 

As others have said, how an absent DNT header is interpreted is a local matter and it has been recognised from the start that DNT:1 must be assumed in Europe. But sites with an international audience have always had to be aware of jurisdiction and this can easily be dealt with in the same way.

 

Also, referring back to another of your posts, automatic expiry has been part of the DNT protocol since 2014 (the maxAge parameter for the API).

Mike

From: Peter Cranstone [mailto:peter.cranstone@3phealth.com] 
Sent: 17 October 2017 17:12
To: Robin Berjon <robin.berjon@nytimes.com>
Cc: Aleecia M. McDonald <aleecia@aleecia.com>; public-tracking-comments w3.org <public-tracking-comments@w3.org>
Subject: Re: Mapping DNT to GDPR

 

Hi Robin, 

 

I would like to suggest an alternative approach to understanding the core problem you face with GDPR… Meaningful Consent. 

 

It seems to be the one thing nobody really wants to address, and yet it is fundamental to Privacy.

 

Here’s a simple use case for you:

 

* Install Chrome
* Install the BayCloud Bouncer extension (link <https://chrome.google.com/webstore/detail/baycloud-bouncer/bplgfejjkplajgmkcbbgaeceamceohkc?hl=en-US>)
* Remove ALL ad blocking software from Chrome (or disable it)
* Visit the NYT web site and then click on the extension for information

 

That’s it. You will see approximately (it changes) 10 first parties and 76 third parties. 

 

Based on GDPR, and where meaningful consent is REQUIRED, the NYT will have to provide a page BEFORE anything else loads that lists each and every Party with an explanation of what each is doing with my data. The data subject then has the ability to either opt in or opt out.

 

Here is where your challenge really appears - and where DNT is not designed to go.

 

You are essentially having a private conversation, a negotiation if you will, with the consumer. You really want them to opt in otherwise you’ll be serving generic ads and the value of that person to you will decrease.

 

Once the data subject has made a decision, then from that point on the NYT will have to recognize them, respect their choices and then respond appropriately to them. Privacy just became contextual. No one person will likely be the same as the next. You will not only have to track them all - you will have to send different pages to each of them. This is all about the user generated exception database that is missing from the spec. (Out of scope).

 

And that right there is where DNT fails and also where the browser extension also fails. It does a wonderful job of implementing the API and allowing you to block everything, but the NYT has NO IDEA of what just happened, because nothing was communicated back to them. Essentially by blocking all third parties it became an ad blocker on steroids.

 

That is NOT what you want. You need to engage in a digital conversation with the data subject in real time and record their choices (preferences) and then respond accordingly.

 

If you want you can refer to Aleecia’s paper - https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2588086 Go to page 35 Appendix A where she has the AP News example. 

 

Here’s the code…

    IF user is in the EU THEN
        IF DNT:0 /* there is consent to track */
        THEN read, set, and process unique identifiers as
        ELSE treat as DNT:1 is today; delete cookies
    ELSE /* applies only to non-EU users */
        proceed exactly as today

DNT:0 is irrelevant because consent is required - however you CANNOT delete the cookies because you haven’t installed any yet. You have to load a page which I just checked has 1 first party and 20 third parties all of which require consent.

 

To be compliant requires meaningful consent which is a ‘private contract’ between the data subject and the data processor/controller. And each time the user changes their location - say I fly backwards and forwards from NY to Paris twice a month, the settings will change. Plus this all has to work on mobile where it is even harder to determine location with resorting to GPS and then responding with the appropriate mobile page that the user can read and consent to.

 

Cheers,



Peter

Peter Cranstone

CEO, 3PHealth

 

COMS:

Mobile/Signal: +1-303-809-7342 UTC -6hrs

Skype: cranstone

Website | www.3phealth.com (Healthcare Patient Engagement and Data Interoperability)

Website | www.3pmobile.com (Privacy by Design Platform for GDPR and ePrivacy reg.)

 


On Oct 17, 2017, at 8:59 AM, Robin Berjon <robin.berjon@nytimes.com> wrote:

 

Dear all,

many thanks for your input. Your suggestions and clarifications largely match my expectations; I expect it will take time before we get around to actually taking DNT into account (as you expect we have our work cut out for GDPR) but it is something that I will keep on my radar and get to when possible.

On 10/12/17 6:18 PM, Aleecia M. McDonald wrote:



A co-author and I argue that DNT may be used to fulfill GDPR depending on how browsers work [1].


Thanks a lot for that paper; this is definitely a useful read for me.




The W3C working group has designed DNT from the start to be a tri-part state.
DNT:1 - request not to be tracked
DNT:0 - agreement to be tracked
unset - in the US, the user has not made a choice for privacy so it’s ok to still track them.
      - in the EU, the user has not consented to tracking, so it’s not ok to track them.
This is related to the point Roy raised, but a little different. Basically tracking as opt-in v. opt-out flips based on where the user is located.


Yes, that is also our expectation.

Thank you!

-- 
Robin Berjon
The New York Times Company
Executive Director, Data Governance
robin.berjon@nytimes.com

 

Received on Tuesday, 17 October 2017 18:09:58 UTC
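
The tri-state reading of the DNT request header discussed in this thread (DNT:1, DNT:0, unset, with the meaning of unset depending on where the user is), sketched as server-side logic. This is an added example, not code from any message in the thread or from the DNT specification; the names parseDnt, mayTrack and OPT_IN_REGIONS are hypothetical, the region is assumed to be determined elsewhere, and treating an unusable value as unset is an assumption.

```javascript
// Added example: server-side interpretation of the DNT request header.
// All names here are hypothetical; region lookup is assumed to happen elsewhere.

// Regions where an absent signal means "no consent" (opt-in regime).
const OPT_IN_REGIONS = new Set(["EU"]);

// Returns "0", "1", or null when the header is absent or unusable.
function parseDnt(headers) {
  // HTTP field names are case-insensitive, so match "dnt" in any casing.
  const key = Object.keys(headers).find((k) => k.toLowerCase() === "dnt");
  if (key === undefined) return null;
  const raw = String(headers[key]).trim();
  // Only the leading "0" or "1" is read; anything after it is ignored here.
  const first = raw.charAt(0);
  // Assumption: a value that is neither "0" nor "1" is handled as unset.
  return first === "0" || first === "1" ? first : null;
}

// Decide whether this server may track, and record why.
function mayTrack(headers, region) {
  const dnt = parseDnt(headers);
  if (dnt === "1") return { track: false, reason: "DNT:1, request not to be tracked" };
  if (dnt === "0") return { track: true, reason: "DNT:0, agreement to be tracked" };
  if (OPT_IN_REGIONS.has(region)) {
    return { track: false, reason: "unset in opt-in region, no consent given" };
  }
  return { track: true, reason: "unset in opt-out region, no choice made" };
}

// Constructed sample requests (not captured traffic).
function demo() {
  const samples = [
    [{ DNT: "0" }, "EU"],
    [{ dnt: "1" }, "US"],
    [{}, "EU"],
    [{}, "US"],
    [{ Dnt: "yes" }, "EU"],
  ];
  return samples.map(([headers, region]) => mayTrack(headers, region).track);
}

console.log(demo());
```

The decision is per request and per server, so a third party embedded on the same page evaluates its own copy of the header independently of the first party.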