W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: tracking-ISSUE-148: What does DNT:0 mean? [Tracking Definitions and Compliance]

From: Vinay Goel <vigoel@adobe.com>
Date: Thu, 31 May 2012 17:43:50 -0700
To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, Kimon Zorbas <vp@iabeurope.eu>
CC: David Singer <singer@apple.com>, "Roy T. Fielding" <fielding@gbiv.com>
Message-ID: <CBED7F41.BCC6%vigoel@adobe.com>
Hi Rigo,

What sort of 'at least' clauses are you thinking of including in the
definition of DNT:0 that can't be handled in the Global Considerations
document?

While not a perfect analogy, I compare having a user switch from DNT:1 to
DNT:0 to a user opting back in to a specific ad network.  The ad networks
that are members of the NAI/DAA offer an opt out, but offering the user
the opportunity to opt back in isn't required by either organization.  In
fact, in my experience, about half of the ad networks offer an opt back
in.  There are many reasons for this, one being that its easier to ensure
data collected when the user was opted out (when DNT:1), such as for first
party analytics, isn't then used to profile the user now that they are no
longer opted out (when DNT:0).

I'm hesitant to define DNT:0 because, ultimately, its going to be up to
the websites/companies how to interpret DNT:0 in respect of local laws,
regulations, and system architecture.  I personally agree that users
should be able to opt back in after they've opted out and realized the
Internet isn't as relevant as it use to be.  But, if we are going to
require that to be compliant with DNT a company has to offer an opt back
in such that it gives the user the same experience as before they opted
out, we're going to slow down implementation for a lot of
websites/companies.

-Vinay



On 5/31/12 7:44 PM, "Rigo Wenning" <rigo@w3.org> wrote:

>David, Roy,
>
>there is a very good reason why we need to define what DNT;0 means IMHO.
>And
>this reason lies mainly with the functionality that DNT offers for the EU
>market and other regulated markets like Japan or Australia.
>
>Matthias raised this issue already as ISSUE-147. He mainly said that
>currently (and without a definition) DNT;0 just means you are liberated
>from
>the constraints of the compliance specification.
>
>What does that mean?
>
>In the US market, this means that everybody can do everything with the
>data
>received unless there is a specific context (HIPAA, Banking etc)
>
>In the EU market it would mean that it falls back to the law that
>prohibits
>storing information on the user device unless there is some user consent.
>So
>mainly, DNT would not do any good in the EU system.
>
>So defining DNT;0 will actually give the industry _more_ permissions. And
>it
>should only be an "at least" definition. So if in a restrictive
>regulatory
>environment, "at least" the necessary functions of the eco-system work if
>the user agrees to it by sending DNT;0
>
>This is why this is extremely important to make DNT a save haven for
>industry once you receive a DNT;0 It also transforms DNT from a pure
>stick
>also into a carrot.
>
>Best,
>
>Rigo
>
>On Wednesday 30 May 2012 17:12:19 David Singer wrote:
>> On May 30, 2012, at 17:03 , Roy T. Fielding wrote:
>> > On May 30, 2012, at 4:54 PM, David Singer wrote:
>> >> I think it means something like "I am aware of DNT but I am choosing
>> >> not to send you a DNT (DNT:1) request", whereas absence of a DNT
>> >> header might mean I am unaware of DNT or choose not to send any DNT
>> >> header at all.>
>> > Such a message would have no value, for anyone.  Presumably, we have
>> > a user granted exceptions mechanism in order to do something useful
>> > once the exception is granted.  If we can't say what that bit of
>> > usefulness is, then we don't need an exception mechanism and the
>> > spec gets a whole lot simpler.
>>
>> It means something, if only by contrast that it's not DNT:1.  Other
>>people
>> may be getting DNT:1;  you're not. From a behavioral point of view, you
>> can behave as if you got not DNT header at all, except I would like to
>> find confirmation that you saw my DNT:0 (so I can tell if you claim to
>> have seen a DNT:0 when I don't think I sent it).
>>
>> What I am saying is that I think trying to read more into what you are
>> permitted to do, than if no DNT was sent, is a tar-pit.
>>
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>


Confidentiality Notice: The contents of this e-mail (including any attachments) may be confidential to the intended recipient, and may contain information that is privileged and/or exempt from disclosure under applicable law. If you are not the intended recipient, please immediately notify the sender and destroy the original e-mail and any attachments (and any copies that may have been made) from your system or otherwise. Any unauthorized use, copying, disclosure or distribution of this information is strictly prohibited. <ACL>
Received on Friday, 1 June 2012 00:45:06 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC