W3C home > Mailing lists > Public > public-tracking@w3.org > April 2012

ISSUE-152: Write up logged-in-means-out-of-band-consent

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tue, 10 Apr 2012 10:05:55 -0700
To: "public-tracking@w3. org Group WG" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D11A9914E@SP2-EX07VS02.ds.corp.yahoo.com>
Updated Proposed Text:


"User registration and login often are bundled with a set of sign-up flow notices, Terms of Service, and Privacy Policy by which a 1st party will operate.  If these notices directly address interactions with users off of the 1st parties direct web site, such as through Widgets or other interactions with a user in a logged-in state, in an open and transparent manner, then this is considered an out-of-band user consent.  If a party claims it supports DNT, they MUST claim their out-of-band consent in DNT response headers or well-known URIs (direction TBD) - including a link to instructions for the user to alter a previously granted out-of-band consent if they so desire.  If a service that employs registration (logged-in) is silent on how their service interacts with DNT (we honor it, we don't, you're providing consent to our service to ignore your DNT setting, etc.), then it should be assumed that party is not honoring DNT.  If on the other hand a service states they comply with the DNT standard, they would need to articulate what this means for their registration services.  If a party both states they support DNT and is silent on how this interacts with their registration services, then that party MUST continue to honor DNT despite a user logged-in status."
Received on Tuesday, 10 April 2012 17:06:57 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:27 UTC