W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Examples of successful opt-in implementations

From: イアンフェッティ <ifette@google.com>
Date: Wed, 13 Jun 2012 14:47:36 -0700
Message-ID: <CAF4kx8fz5dgS5GhBQjxrmJrmiK6F51p9BOf_p6z4EfmNziLvrA@mail.gmail.com>
To: Jonathan Mayer <jmayer@stanford.edu>
Cc: "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
We agreed it was directed at third parties, however it seems some people
(as we heard on the call today) are trying to turn DNT into something to
solve opt-in problems, presumably for first parties as well. I'm trying to
figure out how much of hole we're getting dug into :)

"No one has managed to figure this out in a deployable manner. Please give
us a solution by 1 January 2013" is a bit of a frightening thought :)


On Wed, Jun 13, 2012 at 2:30 PM, Jonathan Mayer <jmayer@stanford.edu> wrote:

> The cookie manager widget at http://www.bt.com/ seems passable.
> At any rate, I'm unsure where this line of inquiry is going.  We've
> already agreed that Do Not Track is directed towards third parties, not
> first parties.
> Jonathan
> On Wednesday, June 13, 2012 at 3:18 PM, Dobbs, Brooks wrote:
>  Ian,
> I would say that I have seen some sites that are arguably one step closer,
> though not truly opt-in.
> If you look at http://www.nectar.com/ you’ll see a similar disclosure to
> that on the FT, but with a Cookie Consent link that takes you to a cookie
> inventory with a place for the status of each cookie and the purpose of
> each cookie.  Now while they get points for making a greater effort, I
> would say that the final result seems fairly problematic as: 1) though the
> site lists 52 cookie issuers, my personal packet sniff showed both that
> they included cookies that I didn’t come across (no problem - I didn’t
> actually read every page) AND missed cookies that I did come across
> (problem) and 2) a number of the 52 cookies issuers where listed as having
> “undisclosed” purposes with a specific inability to offer choice.
> So even if they took the particularly consumer annoying step of making the
> user go through 52 pop-up, opt-in screens, they still would not be opt-in
> compliant.
> Not trying to pick on them, just pointing out that, as you seem to
> suggest, we aren’t seeing a lot of (any?) real opt-in compliant websites in
> the wild, and that the closer they get, the more troubles they seem to make
> for themselves.
> -Brooks
> On 6/13/12 3:26 PM, "Ian Fette   (イアンフェッティ)" <ifette@google.com> wrote:
> Out of curiosity, on today's call two examples of "successful" opt-in
> implementations were given.
> 1. was the financial times - http://www.ft.com/home/us. This shows a
> popup saying the following: "FT Cookie Policy
> We have published a new cookie policy. It explains what cookies are and
> how we use them on our site. To learn more about cookies and their
> benefits, please view our cookie policy.
> If you'd like to disable cookies on this device, please view our
> information pages on 'How to manage cookies'. Please be aware that parts of
> the site will not function correctly if you disable cookies.
> By closing this message, you consent to our use of cookies on this device
> in accordance with our cookie policy unless you have disabled them."
> Before you even accept anything, I counted 40 cookies being set, including
> 18 from Financial Times. FT itself used HTML5 local storage in addition to
> the 18 cookies.
> 2. The other was the UK CIO's site -- this seems to be down at the moment.
> www.cio.gov.uk <http://www.cio.gov.uk>  redirects to some archive page.
> Taking another government site as an example, I see 7 cookies including
> GUIDs from http://www.cabinetoffice.gov.uk/content/privacy-policy
> So, I'd like to re-raise my question of whether anyone has actually
> successfully managed to deploy an opt-in compliant website in the wild...
> -Ian
> --
> *Brooks Dobbs, CIPP *| Chief Privacy Officer | *KBM Group* | Part of the
> Wunderman Network
> (Tel) 678 580 2683 | (Mob) 678 492 1662 | *kbmg.com*
> *brooks.dobbs@kbmg.com
> *
> This email – including attachments – may contain confidential information.
> If you are not the intended recipient,
>  do not copy, distribute or act on it. Instead, notify the sender
> immediately and delete the message.

(image/PNG attachment: image.png)

Received on Wednesday, 13 June 2012 21:48:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:51 UTC