W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations]

From: Kimon Zorbas <vp@iabeurope.eu>
Date: Tue, 15 May 2012 18:08:43 +0000
To: "Roy T. Fielding" <fielding@gbiv.com>, Rigo Wenning <rigo@w3.org>
CC: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <5C8810C7-1947-4AC2-8808-1BAD5C21E46F@iabeurope.eu>
Roy,

if I understand your email correctly, it seems that you infer that websites are responsible for 3rd parties activities (and hence publishers need to get consent?). Can you explain which countries you have in mind with such laws, as the Directive is not placing obligations on publishers but the entity placing the cookie. National law however might deviate.


Kind regards,
Kimon


----- Reply message -----
From: "Roy T. Fielding" <fielding@gbiv.com>
To: "Rigo Wenning" <rigo@w3.org>
Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Subject: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations]
Date: Tue, May 15, 2012 7:59 pm



On May 15, 2012, at 12:56 AM, Rigo Wenning wrote:

> This is not true. If the origin server has received a DNT;0 header, we also
> assume that the user has given his/her consent to be tracked. This goes way
> beyond what would be the situation without header.

Consent to be tracked means data about their activity can be
collected.  That does not say how it can be used.  The EU regulations,
individual state regulations, and proposed US policies all require
that the consent be contextual/informed (the user knows why it is
being requested and how the data will be used) and that any use or
sharing outside of the established consent/context requires an
additional consent.

In other words, the DNT protocol as currently defined provides no
utility whatsoever to publishers for meeting those regulations
without a separate consent mechanism that details the purpose,
and if we have a separate consent mechanism then we don't need DNT.
Hence, this is now a critical issue.  DNT needs to deal with
data usage purposes or limit its scope to one purpose.

A lot of people (including Rigo) assume that DNT is specific to
advertising.  That simply isn't the case.  It is not true of our
documents, it is not true of the regulations, and it is not true
for the composition of our WG.  If DNT was "Do Not Target Ads",
then it would be true, and I wouldn't be here.  I'll be perfectly
happy to resolve this issue by the WG declaring that all of the
non-OBA uses of tracking are outside the scope of DNT.

Cheers,

....Roy
Received on Tuesday, 15 May 2012 18:09:26 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:28 UTC