W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

Re: working towards affirmative opt-in consent

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 12 Oct 2012 23:30:08 +0200
To: public-tracking@w3.org
Cc: "Roy T. Fielding" <fielding@gbiv.com>, rob@blaeu.com
Message-ID: <3799566.YlNk6OCueQ@hegel.sophia.w3.org>
Roy, 

I'm working on it. Please help with the global considerations! I 
still think that defining tracking will lead us into one infinite 
rathole, so I try to avoid that. But for the rest, I must admit I 
lost with you: 

- I want to have a definition of what we can "at least" do with 
DNT;0
 - I want to have authorities accepting opt/in/out signals (or just 
opt-signals)
 - I don't think Rob has definitely closed the door on whether we 
can meet the EU requirements, so I have some hope with global 
considerations. 

Rigo

On Friday 12 October 2012 00:49:43 Roy T. Fielding wrote:
> On Oct 11, 2012, at 3:36 PM, Rob van Eijk wrote:
> > With all respect, the TPWG is working towards affirmative opt-in
> > consent for third-party web tracking.
> It is?  How so?  Thus far, the working group has refused to
> define tracking, refused to define DNT, refused to define what
> DNT:0 implies for a recipient, refused to require an opt-in
> signal be implemented by browsers, refused any discussion of UI
> for informing consent, and you and Ninja have repeatedly stated
> that a global setting of DNT:0, even if deliberately set by a
> user because they just don't care about pseudonymous privacy
> concerns, would still not satisfy the EU requirements for
> specific and informed consent.
> 
> Please, how on earth do you expect us to work on an affirmative
> opt-in consent mechanism for third-party tracking when you've
> made it unlikely that any browser-based consent mechanism will be
> implemented and impossible for a server to use the DNT mechanisms
> to inform the user, be specific about what is being consented,
> and be reasonably assured that all of the consent options will
> be presented to that user?
> 
> What is the point of having an exception mechanism that might
> (if anyone implements it) send a DNT:0 signal to a third-party
> server if this group cannot agree that such a signal will
> indicate an explicit and informed consent for data collection
> for a specific set of purposes?
> 
> Industry in Europe will obey the laws, but they will have to do
> so using cookies and out-of-band consent mechanisms because
> some privacy advocates in this working group are so consumed
> with self-righteousness that they cannot even allow a user
> to make their own choices.
> 
> If you want DNT to be usable as an opt-in mechanism for EU,
> as I do, then you need to insist that the working group
> defines tracking, defines DNT:0, defines what it means
> when DNT:0 is received, and requires browsers to implement
> that consent mechanism if they implement DNT:1, at least to
> an extent necessary to satisfy those EU laws.
> 
> I am sick and tired of EU regulators blaming industry for lack
> of progress on DNT when it has been the non-implementers in
> this group that have refused to define anything necessary for
> obtaining specific and informed consent.
> 
> ....Roy
Received on Friday, 12 October 2012 21:30:32 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:36 UTC