W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: ACTION-172: Write up more detailed list of use cases for origin/origin exceptions

From: イアンフェッティ <ifette@google.com>
Date: Thu, 3 May 2012 15:37:23 -0700
Message-ID: <CAF4kx8dEJJvttDLZYYMnqh8SWTPe7i5dbXdPrLKPPiDe=ZHJnw@mail.gmail.com>
To: Kimon Zorbas <vp@iabeurope.eu>
Cc: "rob@blaeu.com" <rob@blaeu.com>, "public-tracking@w3.org" <public-tracking@w3.org>
I also think that a site is fully capable of describing its practices
outside of the context of the request for exceptions. The two need not be
coupled so closely.

On Thu, May 3, 2012 at 3:27 PM, Kimon Zorbas <vp@iabeurope.eu> wrote:

>  Rob,
>
> Are we not mixing up legal and technical issues here? I am not sure I
> understand how consent can be handled the way you describe, given differing
> and inconsistent transpositions (and some missing) of the E-Privacy
> Directive. While I'd be excited having a technical solution to the the
> legal challenge, I'm not optimistic this can be resolved here.
>
> Kind regards,
> Kimon
>
> Kimon Zorbas Vice President IAB Europe
>
> IAB Europe - The Egg
> Rue Barastraat 175
> 1070 Brussels - Belgium
> Phone +32 (0)2 5265 568
> Mob +32 494 34 91 68
> Fax +32 2 526 55 60
> vp@iabeurope.eu
> Twitter: @kimon_zorbas
>
> www.iabeurope.eu and www.interactcongress. eu
>
> IAB Europe supports the .eu domain name www.eurid.eu
>
> IAB Europe is supported by:
>
> Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Finland,
> France, Germany, Greece, Hungary, Ireland, Italy, Netherlands, Norway,
> Poland, Romania, Russia, Serbia, Slovakia, Slovenia, Spain, Sweden,
> Switzerland, Turkey, Ukraine and United Kingdom representing their 5.000
> members. The IAB network represents over 90% of European digital revenues
> and is acting as voice for the industry at National and European level.
>
> IAB Europe is powered by:
>
> Adconion Media Group, Adobe, ADTECH, Alcatel-Lucent, AOL Advertising
> Europe, AudienceScience, BBCAdvertising, CNN, comScore Europe, CPX
> Interactive, Criteo, eBay International Advertising, Expedia Inc, Fox
> Interactive Media, Gemius, Goldbach Media Group, Google, GroupM, Hi-Media,
> Koan, Microsoft Europe, Millward Brown, News Corporation, nugg.ad,
> Nielsen Online, OMD, Orange Advertising Network, PHD,Prisa, Publicitas
> Europe, Quisma, Sanoma Digital, Selligent, TradeDoubler, Triton Digital,
> United Internet Media, ValueClick, Verisign, Viacom International Media
> Networks, White & Case, Yahoo! and zanox.
>
> IAB Europe is associated with: Advance International Media, Banner,
> Emediate, NextPerformance, Right Media, Tribal Fusion and Turn Europe
>
>
> ----- Reply message -----
> From: "Rob van Eijk" <rob@blaeu.com>
> To: "public-tracking@w3.org" <public-tracking@w3.org>
> Subject: ACTION-172: Write up more detailed list of use cases for
> origin/origin exceptions
> Date: Fri, May 4, 2012 12:06 am
>
>
>
>  Explicit/explicit gives Controllers the opportunity to signal which 3rd
> parties are processors. Because the controller determines the purpose and
> means, controller is responsible for valid consent in the EU.
>
> So my use case [A] would be: a DNT:0 signal sent to the limited and known
> list of processors, who are bound by a legal contract, i.e. the processor
> agreement. In my opinion, this is not the use case to use the '*'
> parameter, i.e. MUST NOT be used. In this case the list
> [Inc_A,Inc_B,...,Inc_Z] SHOULD/MUST be used.
>
> Use case [B]: a DNT:0 signal to service providers, not being processors,
> but as a result controllers themselves or in some cases joint controller.
> It could be useful, but I haven't given it a lot of thought. My assumption
> for DNT:0 to be useful in this scenario is that the browser reflects user
> consent. This implies that the user has made an informed choice, preferably
> in the install/update flow of the browser to use DNT technology as a
> granular consent expression mechanism.
>
> Rob
>
>
> On 2-5-2012 9:54, Nicholas Doty wrote:
> >>> * Separate data controllers in EU jurisdictions
> >>> >>  A DNT:0 signal sent to a third-party service in the EU might
> usefully be interpreted as consent for independent use by that thid-party
> (that the service would itself be a data controller, not just a processor).
> EU regulations, however, may require that this consent be specific to the
> party rather than site-wide. (Suggested by Ninja, who may be able to add
> more detail.)
> >> >
> >> >  Importance: Medium
> >> >
> >> >  Design Notes:
> >> >  I agree that being able to provide consent via DNT is useful. I
> cannot
> >> >  judge what extent explicit/explicit is needed or whether a site-wide
> >> >  exception would also be considered consent. An important question in
> >> >  this use case is what responsibilities (under EU law) are implied
> from
> >> >  the corresponding "Trust myself and my third parties" statement.
> > I also welcome input from Ninja, Rob and others on this issue.
> >
>
>
>
Received on Thursday, 3 May 2012 22:37:53 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:28 UTC