W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: tracking-ISSUE-148: What does DNT:0 mean? [Tracking Definitions and Compliance]

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 01 Jun 2012 17:36:15 +0200
To: public-tracking@w3.org
Cc: Vinay Goel <vigoel@adobe.com>, Kimon Zorbas <vp@iabeurope.eu>, David Singer <singer@apple.com>, "Roy T. Fielding" <fielding@gbiv.com>
Message-ID: <2024038.b5JvnCxOvZ@hegel.sophia.w3.org>
On Thursday 31 May 2012 17:43:50 Vinay Goel wrote:
> Hi Rigo,
> 
> What sort of 'at least' clauses are you thinking of including in the
> definition of DNT:0 that can't be handled in the Global Considerations
> document?

No, because it wouldn't be normative thus can't be endorsed by the 
authorities. 
> 
> While not a perfect analogy, I compare having a user switch from DNT:1 to
> DNT:0 to a user opting back in to a specific ad network.  The ad networks
> that are members of the NAI/DAA offer an opt out, but offering the user
> the opportunity to opt back in isn't required by either organization.  In
> fact, in my experience, about half of the ad networks offer an opt back
> in.  There are many reasons for this, one being that its easier to ensure
> data collected when the user was opted out (when DNT:1), such as for first
> party analytics, isn't then used to profile the user now that they are no
> longer opted out (when DNT:0).

I do NOT talk about a switch in any direction. I talk about a state, not how 
it has been reached. So my suggestion is not even touching on your issue 
above. I do not think it will "force" somebody to offer an opt-back-in (or a 
consent-expression as they are materially the same here). And such a 
solution does not specify or force the provider to treat the user like those 
coming with "unset" or those not having opted-out. It just creates a pathway 
for the Web in a regulatory jungle if (and only if) we get that accepted as 
an expression of preference of the user. 
> 
> I'm hesitant to define DNT:0 because, ultimately, its going to be up to
> the websites/companies how to interpret DNT:0 in respect of local laws,
> regulations, and system architecture.  

You're just killing your EU colleages and your EU business. I don't know if 
you have looked at those local laws. I explained to you above that the harm 
for the US market from your perspective is 0 and that the benefit for 
countries with data protection legislation is huge. I said it makes sense in 
certain types of local laws. And you tell me why we shouldn't fall back 
entirely on local laws? I have difficulties following your logic here. 

> I personally agree that users
> should be able to opt back in after they've opted out and realized the
> Internet isn't as relevant as it use to be.  But, if we are going to
> require that to be compliant with DNT a company has to offer an opt back
> in such that it gives the user the same experience as before they opted
> out, we're going to slow down implementation for a lot of
> websites/companies.

The opt-back-in is a means of expression of a user preference. And a 
description of DNT;0 is a minimum permission. There is nothing proscriptive 
here. So why I see your valid concern, I don't think the proposal of 
defining DNT;0 minima changes anything to that scenario compared to no-
dnt;0-definition. 

Rigo
Received on Friday, 1 June 2012 15:36:47 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC