Re: TPE Handling Out-of-Band Consent (including ISSUE-152) from Matthias Schunter (Intel Corporation) on 2013-03-19 (public-tracking@w3.org from March 2013)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Tue, 19 Mar 2013 14:37:50 +0100
To: public-tracking@w3.org
Message-ID: <51486A2E.1060901@schunter.org>
Hi Justin,


IMHO the point here is what "real-time" means in the different scenarios.

If we assume that finding the out of band consent is a non-trivial 
database query and takes -say- 3 seconds.

Then these 3 seconds can be spend during batch cleanup overnight 
(discarding all data where you were unable to ensure that you have out 
of band consent). It is also fine for a user to wait some seconds while 
seeing a hour-glass "please wait until we have retrieved our data" at 
the "control" web-page. However, waiting for 3 seconds before responding 
to an http request will make the site very unresponsive.

Does this answer your question?

btw: I did not understand either what role the client-side UA plays (if 
any).


Regards,
matthias




On 19/03/2013 13:59, Justin Brookman wrote:
> Walk me through how this works in practice.  TrackerCo's servers are 
> configured to send back a "possible consent" flag to everyone, and 
> then TrackerCo figures out later how to differentiate among users who 
> have consented and those who have not.  How would the "control" link 
> be able to give the user information on request if TrackerCo is 
> incapable in real time of figuring it out for itself?
>
> I also don't understand why the presence of client-side software makes 
> this more challenging.  Presumably that would make it easier for you 
> to either operate in-band, or otherwise configure browsers to send 
> DNT:0 signals to your servers.  I understand that's a different flavor 
> of out-of-band consent, but at least it's detectable.
>
>     ------------------------------------------------------------------------
>     *From:* Ronan Heffernan [mailto:ronansan@gmail.com]
>     *To:* David Singer [mailto:singer@apple.com]
>     *Cc:* public-tracking@w3.org (public-tracking@w3.org)
>     [mailto:public-tracking@w3.org]
>     *Sent:* Tue, 19 Mar 2013 05:59:39 -0500
>     *Subject:* Re: TPE Handling Out-of-Band Consent (including ISSUE-152)
>
>     David,
>
>        That is pretty much what I was proposing, though we could
>     certainly add some protective language to make it clear that the
>     data cannot be used (except under other fraud and
>     technical-operation permitted uses) until the determination of
>     OOBC is made.  Regarding "delete all the data we don't have
>     consent for", some servers might delete the data, others might be
>     just de-identify it to the same extent that one would have to
>     perform for other non-consented data.
>
>     --ronan
>
>
>     On Mon, Mar 18, 2013 at 8:47 PM, David Singer <singer@apple.com
>     <mailto:singer@apple.com>> wrote:
>
>         I share Justin's concerns, but I also understand where Ronan
>         is coming from.  I am not sure I see what to do here, but
>         let's try.  Let me see if I can summarize...
>
>         What Matthias wrote: the site that thinks it has consent has
>         to tell the user, and offer a URI where the user can review
>         and possibly update that consent ('control').
>
>         What Ronan wrote: we collect all the data ('short term raw
>         data permitted use') and then delete all the data we don't
>         have consent for.
>
>         What Justin asks:  How does the user know where they stand (a
>         pretty basic need)?
>
>
>         I hate to suggest even more status/qualifiers, but do we need
>         one for 'possible consent'?  That would flag to the user that
>         they could check by visiting the 'control' link...
>
>
Received on Tuesday, 19 March 2013 13:38:15 UTC