- From: Kimon Zorbas <vp@iabeurope.eu>
- Date: Thu, 25 Oct 2012 07:29:12 +0000
- To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>
- Message-ID: <71C6931F-C837-48DD-B627-AE1F8F8E8362@iabeurope.eu>
Fully support Rigo: if a user objects to the data processing, the service provider has a right to not provide the service. That is broad consensus of policymakers, industry and regulatory authorities (DPAs & telecom and other). Kind regards, Kimon ----- Reply message ----- From: "Rigo Wenning" <rigo@w3.org> To: "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com> Subject: tracking-ISSUE-184 (Walter van Holst): 3rd party dependencies in 1st party content [Tracking Definitions and Compliance] Date: Thu, Oct 25, 2012 8:58 am Walter, Rob, in our setup, a first party doesn't need consent with the current specifications. And the second party is not DNT enabled in your scenario. So you have already a logic break in there. There is a law in Germany that a service can't refuse service merely because the data subject refuses data collection. This hasn't been applied in a case I know of. And for good reasons. If the user refuses necessary data collection, how would I obtain the service? I think we would be ill-guided if we would accept that a service can't refuse service. Forced licenses and services exist for patents and monopolies. We are not there. And if we were there, we would have to define precisely what that minimum service is. I don't think we can do that from here. The only point that Walter has is the following: If the first party responds "3" (as in the EU context) and has other third parties not compliant with DNT and the site is not working without them, one could argue for text that says, the entire site is not DNT compliant. But that has dangers from redirects and other surprises. I would rather say that we add non-normative text that the browser should assume that the site is not usable with DNT. It finally says that the site, by establishing the denial, it links its service to another non-DNT service such that the DNT can't be assumed. Another break is then, that Walter assumes DNT and says: "The user is forced to give consent". But there is no DNT to consent to other than the first party as -by definition- the third party is not DNT enabled. Concluding, I can say that for the EU, the situation is rather simple. Requests are DNT-enabled or not. If those enabled are hardwired with a service that aren't, the entire request must fail or made under the assumption of DNT unset. Rigo On Wednesday 24 October 2012 19:49:46 Rob van Eijk wrote: > > This raises an interesting situation if we have DNT. For example > > we have a 1st party that is trusted by the user and also claims > > to comply > > to DNT and a 3rd party that is neither. Since the 1st party > > content is > > technically dependent on 3rd party content, the user has the > > choice between either granting consent to the 3rd party in > > order to have the 1st party function properly or not getting > > the content at all. > > > > To what extent is such consent informed, genuine and meaningful? > > I would like to add the question the element of free (i.e. freely > given): to what extent is such consent freely given. > > (Recital 17 (2002/58/EC): Consent may be given by any appropriate > method enabling a freely given, specific and informed indication > of the user’s whishes.)
Received on Thursday, 25 October 2012 07:29:57 UTC