W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

working towards affirmative opt-in consent

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 12 Oct 2012 00:49:43 -0700
Cc: <public-tracking@w3.org>
Message-Id: <AD161F5B-A58C-439C-A1BC-65D19E865A0F@gbiv.com>
To: <rob@blaeu.com>
On Oct 11, 2012, at 3:36 PM, Rob van Eijk wrote:

> With all respect, the TPWG is working towards affirmative opt-in consent for third-party web tracking.

It is?  How so?  Thus far, the working group has refused to
define tracking, refused to define DNT, refused to define what
DNT:0 implies for a recipient, refused to require an opt-in
signal be implemented by browsers, refused any discussion of UI
for informing consent, and you and Ninja have repeatedly stated
that a global setting of DNT:0, even if deliberately set by a
user because they just don't care about pseudonymous privacy
concerns, would still not satisfy the EU requirements for
specific and informed consent.

Please, how on earth do you expect us to work on an affirmative
opt-in consent mechanism for third-party tracking when you've
made it unlikely that any browser-based consent mechanism will be
implemented and impossible for a server to use the DNT mechanisms
to inform the user, be specific about what is being consented,
and be reasonably assured that all of the consent options will
be presented to that user?

What is the point of having an exception mechanism that might
(if anyone implements it) send a DNT:0 signal to a third-party
server if this group cannot agree that such a signal will
indicate an explicit and informed consent for data collection
for a specific set of purposes?

Industry in Europe will obey the laws, but they will have to do
so using cookies and out-of-band consent mechanisms because
some privacy advocates in this working group are so consumed
with self-righteousness that they cannot even allow a user
to make their own choices.

If you want DNT to be usable as an opt-in mechanism for EU,
as I do, then you need to insist that the working group
defines tracking, defines DNT:0, defines what it means
when DNT:0 is received, and requires browsers to implement
that consent mechanism if they implement DNT:1, at least to
an extent necessary to satisfy those EU laws.

I am sick and tired of EU regulators blaming industry for lack
of progress on DNT when it has been the non-implementers in
this group that have refused to define anything necessary for
obtaining specific and informed consent.

....Roy
Received on Friday, 12 October 2012 07:49:55 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:36 UTC