W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Examples of successful opt-in implementations

From: Vinay Goel <vigoel@adobe.com>
Date: Thu, 14 Jun 2012 10:07:07 -0700
To: "rob@blaeu.com" <rob@blaeu.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <CBFF9063.D685%vigoel@adobe.com>
Hi Rob,

Hoping you can help me understand your mind model since applying it is
complex given the very different approaches to ePrivacy compliance across
the member states.  Different markets are defining what a 'functional
cookie' is differently.  And, I know you shared the Working Party's
opinion; but its just that -- an opinion by the Working Party, not
specific law or guidance from a DPA.

Assuming you take the Working Party's opinion that first-party site
analytics is not a strictly necessary function, is your mind model
suggesting that the first party needs to use the DNT exception mechanism
or well-known URL in order to use the data for users that have DNT:1 for
first-party analytics?  If so, isn't that an increase in the scope (where
you say "I am also not arguing that first parties must be subject to DNT")?

Thanks in advance.

-Vinay

On 6/14/12 12:49 PM, "Rob van Eijk" <rob@blaeu.com> wrote:

>I would like to share a thought with you. I am expressing my personal
>views here. It is a thought that I had on my way back from the OBA
>roundtable today in Brussels. DNT has the potential to solve many
>uncertainties, but only if all parties involved are demonstrating the
>willingness to think out of the box.
>
>Let me explain why. DNT offers essential technical building blocks that
>may very well deal with e-priv directive and directive 94/95/EC
>compliance. That is in my view the added value of DNT in comparison to
>the current opt-out cookie system (eg. YourOnlineChoices). There is a
>small window of opportunity in recital 66 of directive 2009/136/EC. The
>essential building blocks are the response header and the exception
>mechanism. Rigo has been repeating this over and over. I am not arguing
>that DNT should include EU compliance in the compliance document. I am
>also not arguing that first parties must be subject to DNT. I am just
>showing the added value of DNT, that could save us from a 'world of
>pain', as Aleecia would call it.
>
>A user preference expression and acknowledgement from the server go hand
>in hand. In order to have a granular dialog with the user under the hood
>of the browser, exceptions play a vital role. DNT to me is about
>engaging the dialog between users and parties.
>
>Mind-model: if a first party want to use non-functional cookies, or if
>he want to use functional cookies beyond their normal purpose, then the
>1st party is still free to use the DNT exception mechanism or the
>well-known URL. Inform the user about the purpose of what you are saving
>and/or reading from the device and ask for an exception. If the answer
>is no, then think again about the value proposition you had in mind.
>
>Somehow the industry in the EU does, in my humble opinion, not see this
>opportunity of creating useful technical building blocks. We have an
>important task at hand, which is not just about the continues
>improvement of the transparency/control of the opt-out system. Therefor
>I call upon this group to think about making the technical building
>blocks as useful as possible, not just for 3rd parties operating in a
>1st party context.
>
>mvg::Rob
>
>On 14-6-2012 1:21, Rigo Wenning wrote:
>> On Wednesday 13 June 2012 14:30:36 Jonathan Mayer wrote:
>>> At any rate, I'm unsure where this line of inquiry is
>>> going.  We've already agreed that Do Not Track is directed
>>> towards third parties, not first parties.
>> For consent purposes, first parties are not obliged by DNT, but can
>> benefit from DNT. So this is not at all a futile exercise
>>
>> Rigo
>>
>>
>


Confidentiality Notice: The contents of this e-mail (including any attachments) may be confidential to the intended recipient, and may contain information that is privileged and/or exempt from disclosure under applicable law. If you are not the intended recipient, please immediately notify the sender and destroy the original e-mail and any attachments (and any copies that may have been made) from your system or otherwise. Any unauthorized use, copying, disclosure or distribution of this information is strictly prohibited. <ACL>
Received on Thursday, 14 June 2012 17:07:41 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC