Re: ACTION-152 - Write up logged-in-means-out-of-band-consent from Lauren Gelman on 2012-04-02 (public-tracking@w3.org from April 2012)

From: Lauren Gelman <gelman@blurryedge.com>
Date: Mon, 2 Apr 2012 11:54:47 -0700
To: Shane Wiley <wileys@yahoo-inc.com>
Cc: David Singer <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <65A2FEEA-3935-4401-AEB9-CB372F1304A9@blurryedge.com>

For clarification, What happens if I am DNT:1 and log into Fidelity and then log out?  Right now, there are about 8 cookies they leave on my browser.  Can you explain what info they can collect for (a) fidelity and affiliates and (b) third party advertisers and what they can do with it when I (1) browse to the website (2) while I am logged in and (3) after I log out.  

On Apr 2, 2012, at 11:40 AM, Shane Wiley wrote:

> Then we are in agreement - YAY!  Now to convince everyone else... 
> 
> - Shane
> 
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com] 
> Sent: Monday, April 02, 2012 11:38 AM
> To: public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
> 
> 
> On Apr 2, 2012, at 11:31 , Shane Wiley wrote:
> 
>> David and Team,
>> 
>> I mean this only in the context of receiving consent to recognize the user in the logged-in state despite their DNT setting.  
>> 
>> If a service that employs registration (logged-in) is silent on how their service interacts with DNT (we honor it, we don't, you're providing consent to our service to ignore your DNT setting, etc.), then my assumption is that they are not honoring it.  If on the other hand a service states they comply with the DNT standard, they would need to articulate what this means for their registration services.  If a party both states they support DNT and is silent on how this interacts with their registration services, then I would expect they would continue to honor DNT despite a user logged-in status.  If, on the other hand, a service states that it will recognize a user in their logged-in state wherever the user interacts with that service despite other preference settings and the user consents to this, then this would trump the DNT signal.
>> 
> 
> Ah, rather more than I was reading into the text.  Thanks.
> 
> So, what is your "this" here -- "and the user consents to this"?  The user consents to allowing their logged-in state to over-ride any blanket DNT they send?  Then I think we agree -- that's all I am suggesting, that the user's consent to this should be separately sought (and not applied to everyone by virtue of a statement in a privacy document).
> 
> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
> 
> 

Lauren Gelman
BlurryEdge Strategies
415-627-8512
gelman@blurryedge.com
http://blurryedge.com

Received on Monday, 2 April 2012 18:55:22 UTC