W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: ACTION-172: Write up more detailed list of use cases for origin/origin exceptions

From: Matthias Schunter <mts-std@schunter.org>
Date: Mon, 14 May 2012 15:14:57 +0200
Message-ID: <4FB10551.20904@schunter.org>
To: rob@blaeu.com
CC: public-tracking@w3.org
Hi Folks,

I tend to agree with Rob: If we can provide a standardised protocol that
may be used to simplify collection of consent, then this would be useful
for users (improved usability) and sites (standard approach).

Regards,
matthias


On 04/05/2012 08:52, Rob van Eijk wrote:
> Kimon, Ian,
>
> I agree the two do not need to be coupled so closely. But it is an
> invitation to look it freshly. The topic at hand is to write up more
> detailed list of use cases for origin/origin exceptions. Nick and
> Jonathan did an excellent job to start this thread.
>
> Every technical aspect in the TPE that can ease the hurdle of 5.3
> compliance should be taken seriously in my view.
> So I respectfully ask to not shift it to the out-of-scope bin too fast.
>
> Rob
>
> On 4-5-2012 0:37, Ian Fette (イアンフェッティ) wrote:
>> I also think that a site is fully capable of describing its practices
>> outside of the context of the request for exceptions. The two need
>> not be coupled so closely.
>>
>> On Thu, May 3, 2012 at 3:27 PM, Kimon Zorbas <vp@iabeurope.eu
>> <mailto:vp@iabeurope.eu>> wrote:
>>
>>     Rob,
>>
>>     Are we not mixing up legal and technical issues here? I am not
>>     sure I understand how consent can be handled the way you
>>     describe, given differing and inconsistent transpositions (and
>>     some missing) of the E-Privacy Directive. While I'd be excited
>>     having a technical solution to the the legal challenge, I'm not
>>     optimistic this can be resolved here.
>>
>>     Kind regards,
>>     Kimon
>>
>>     Kimon Zorbas Vice President IAB Europe
>>
>>     IAB Europe - The Egg
>>     Rue Barastraat 175
>>     1070 Brussels - Belgium
>>     Phone +32 (0)2 5265 568 <tel:%2B32%20%280%292%205265%20568>
>>     Mob +32 494 34 91 68 <tel:%2B32%20494%2034%2091%2068>
>>     Fax +32 2 526 55 60 <tel:%2B32%202%20526%2055%2060>
>>     vp@iabeurope.eu <mailto:vp@iabeurope.eu>
>>     Twitter: @kimon_zorbas
>>
>>     www.iabeurope.eu <http://www.iabeurope.eu> and
>>     www.interactcongress. eu
>>
>>     IAB Europe supports the .eu domain name www.eurid.eu
>>     <http://www.eurid.eu>
>>
>>     IAB Europe is supported by:
>>
>>     Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark,
>>     Finland, France, Germany, Greece, Hungary, Ireland, Italy,
>>     Netherlands, Norway, Poland, Romania, Russia, Serbia, Slovakia,
>>     Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine and United
>>     Kingdom representing their 5.000 members. The IAB network
>>     represents over 90% of European digital revenues and is acting as
>>     voice for the industry at National and European level.
>>
>>     IAB Europe is powered by:
>>
>>     Adconion Media Group, Adobe, ADTECH, Alcatel-Lucent, AOL
>>     Advertising Europe, AudienceScience, BBCAdvertising, CNN,
>>     comScore Europe, CPX Interactive, Criteo, eBay International
>>     Advertising, Expedia Inc, Fox Interactive Media, Gemius, Goldbach
>>     Media Group, Google, GroupM, Hi-Media, Koan, Microsoft Europe,
>>     Millward Brown, News Corporation, nugg.ad <http://nugg.ad>,
>>     Nielsen Online, OMD, Orange Advertising Network, PHD,Prisa,
>>     Publicitas Europe, Quisma, Sanoma Digital, Selligent,
>>     TradeDoubler, Triton Digital, United Internet Media, ValueClick,
>>     Verisign, Viacom International Media Networks, White & Case,
>>     Yahoo! and zanox.
>>
>>     IAB Europe is associated with: Advance International Media,
>>     Banner, Emediate, NextPerformance, Right Media, Tribal Fusion and
>>     Turn Europe
>>
>>
>>     ----- Reply message -----
>>     From: "Rob van Eijk" <rob@blaeu.com <mailto:rob@blaeu.com>>
>>     To: "public-tracking@w3.org <mailto:public-tracking@w3.org>"
>>     <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>>     Subject: ACTION-172: Write up more detailed list of use cases for
>>     origin/origin exceptions
>>     Date: Fri, May 4, 2012 12:06 am
>>
>>
>>
>>     Explicit/explicit gives Controllers the opportunity to signal
>>     which 3rd parties are processors. Because the controller
>>     determines the purpose and means, controller is responsible for
>>     valid consent in the EU.
>>
>>     So my use case [A] would be: a DNT:0 signal sent to the limited
>>     and known list of processors, who are bound by a legal contract,
>>     i.e. the processor agreement. In my opinion, this is not the use
>>     case to use the '*' parameter, i.e. MUST NOT be used. In this
>>     case the list [Inc_A,Inc_B,...,Inc_Z] SHOULD/MUST be used.
>>
>>     Use case [B]: a DNT:0 signal to service providers, not being
>>     processors, but as a result controllers themselves or in some
>>     cases joint controller. It could be useful, but I haven't given
>>     it a lot of thought. My assumption for DNT:0 to be useful in this
>>     scenario is that the browser reflects user consent. This implies
>>     that the user has made an informed choice, preferably in the
>>     install/update flow of the browser to use DNT technology as a
>>     granular consent expression mechanism.
>>
>>     Rob
>>
>>
>>     On 2-5-2012 9:54, Nicholas Doty wrote:
>>     >>> * Separate data controllers in EU jurisdictions
>>     >>> >>  A DNT:0 signal sent to a third-party service in the EU
>>     might usefully be interpreted as consent for independent use by
>>     that thid-party (that the service would itself be a data
>>     controller, not just a processor). EU regulations, however, may
>>     require that this consent be specific to the party rather than
>>     site-wide. (Suggested by Ninja, who may be able to add more detail.)
>>     >> > 
>>     >> >  Importance: Medium
>>     >> > 
>>     >> >  Design Notes:
>>     >> >  I agree that being able to provide consent via DNT is
>>     useful. I cannot
>>     >> >  judge what extent explicit/explicit is needed or whether a
>>     site-wide
>>     >> >  exception would also be considered consent. An important
>>     question in
>>     >> >  this use case is what responsibilities (under EU law) are
>>     implied from
>>     >> >  the corresponding "Trust myself and my third parties" statement.
>>     > I also welcome input from Ninja, Rob and others on this issue.
>>     >
>>
>>
>>
>
Received on Monday, 14 May 2012 13:15:22 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:28 UTC