Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

On Monday 02 April 2012 11:30:15 David Singer wrote:
> But we are left with the question of defining what the user needs to give
> consent to, and how much consent may reasonably be bundled. That's a
> description of our protocol.

And that's why I believe the YAY of Shane was a bit early. And this is exactly 
what JC was suggesting. 

David, the lack of precision of "give consent" is creating a pseudo 
consensus IMHO. We have to be more concrete. Shane said, the service would 
declare if it honors DNT even though the user is logged-in. This hints at 
the fact that we have to agree on the response headers. So if a service 
tracks because it believes it has an agreement (I heard Shane telling that 
story in Brussels) it can either say: DNT is off, you're logged-in/consented. 
Or the service can say: We accept your DNT=1 and the compliance spec would 
specify what JC suggested for that case. 

But at least, there is no misunderstanding that people believe DNT=1 while 
services send DNT=ack and track anyway because of some privacy policy 
meaning in section 178. It would also solve my use case with the forgotten 
login-cookie as the browser would recognize the tracking in the response 
header. So I think this is a viable way out. Shane?

Rigo

Received on Monday, 2 April 2012 19:39:59 UTC