W3C home > Mailing lists > Public > public-tracking-international@w3.org > December 2012

action-346 issue-189 A new API linking EU consent and DNT.

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Sat, 29 Dec 2012 18:28:13 -0000
To: <public-tracking@w3.org>, <public-tracking-international@w3.org>
Message-ID: <03d101cde5f2$43498370$c9dc8a50$@baycloud.com>
 

Here is a draft API that attempts to solve some of the inconsistencies
between the Do Not Track signal and the EU requirement for explicit informed
consent. It completes my action-346.

 

The main reason for a new API is to allow per-user signalling of
third-parties perhaps residing in different jurisdictions to the
first-party.

 

Because in Europe consent must be obtained by default there is a need to
signal embedded third-parties that may be operating under different rules.  

 

Also, because contractual agreements between parties are rare, first-parties
need to have a way to ensure that third-parties honour the (consent) signal
in a way that meets the first-party's legal requirements. 

 

The API lets a first-party:

.        use DNT:0 as a consent signal for a subset of its own pages.

.        use wildcard characters for URI matching.

.        signal third-parties with DNT=1 as well as DNT=0. This lets the
first-party signal that  consent is necessary (e.g. because the site targets
EU citizens), even if the DNT general preference is unset. 

.        get the user-agent to block less trusted third-parties. HTTP
requests to specified third-parties are skipped as if they were matched by a
Tracking Selection List block rule, but only within the context of the
first-party site. 

.        override block rules in global Tracking Selection Lists if local
consent has been given.

 

It is designed to be multi-purpose and extensible.

 

Wishing everyone a happy New Year

 

Mike





Received on Saturday, 29 December 2012 18:29:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 29 December 2012 18:29:01 GMT