Re: action-231, issue-153 requirements on other software that sets DNT headers

On Aug 22, 2012, at 5:57 PM, Justin Brookman wrote:

> As Shane has said, the key is transparency: you can't just receive a DNT:1 signal and go about your tracking business.

That simply isn't true. DNT sent from MSIE 10.0 has no meaning.
It is equivalent to not sending DNT, as far as "tracking business"
is concerned, whatever we might mean by tracking.

>   You have to get permission to track,

Only in certain jurisdictions.

> or tell the user you refuse to deliver them content while DNT:1 is on,

That's certainly an option.

> or refuse to provide service to the user agent at all.

No, the user agent sent a request.  The site will respond as requested
and do whatever applicable regional laws allow with the data collected.

>   I saw a news story recently that Wired is already doing this for just IE10 users --- grant permission to track, or we'll just serve you snippets.  They don't claim that IE10 isn't compliant---rather they presume the validity of the signal---they just say "here are your choices."  Of course, this may not be compliant with European law, but I believe the group had decided that sites could degrade users' experiences who don't grant exceptions.

Removing the DNT signal does not, in any way, impact compliance
with EU laws.

> I had been uncomfortable with sites or third parties saying "come back with a different browser" due to allegations of noncompliance, but it helps to consider that they could do it anyway---as long as it's transparent to the user what's going on.

I'll be happy to make removal of the DNT field transparent to the
UA if there is a mechanism to do so.  The UA can choose how to
communicate that to the user.

....Roy

Received on Thursday, 23 August 2012 02:46:34 UTC