Re: Issue 35 (was Re: Issues for Monday Call)

Aleecia,
Thank you so much for the warm note!
On the matter of mandating the Policy Property I rather we keep this as a MAY.  I believe our original position has been to structure the DNT standard as a global one and then allow a blend of local law and self-regulation drive implementation specifics in each country.  As a  "SHOULD" requires implementation unless a party has a strong justification to not do it - it is essentially a MUST for most implementors.  I don't believe we collectively want to presume the path of individual country laws so any changes to this element should be "technically required" versus "policy recommended".
For US and EU companies I believe their local implementation guidance will be to include a link in the Policy Property and in each of those policies they will state if they are or are not supporting DNT and to what extent a DNT:1 will change their collection and use of tracking data.  It appears you want not a link to just the Privacy Policy but to the very specific section that speaks to DNT directly, correct?  Is that very helpful without the broader context of what is occurring with DNT:0?  I believe including the DNT section in the Privacy Policy will be more useful as it will give the user context for what occurs with DNT:0 and then what specifically does not with DNT:1.   
With that in mind, I'd recommend we not change the current MAY element but would personally suggest to US and EU companies as local implementation guidance that they a) provide their privacy policy link in this field and b) include a specific section on their DNT implementation.
- Shane
Shane Wiley
VP, Privacy Policy
Yahoo

      From: Aleecia M. McDonald <aleecia@aleecia.com>
 To: "public-tracking@w3.org (public-tracking@w3.org) (public-tracking@w3.org)" <public-tracking@w3.org> 
 Sent: Monday, April 24, 2017 10:05 AM
 Subject: Issue 35 (was Re: Issues for Monday Call)
   
Matthias did not see my text because it was off in github and I sent it very late. Here it is again, then, in full:
With no standard compliance spec to set a minimum bar, a very common use case for all UIs will be to find a way to present text to users what they consent to when users agree to tracking. A standard hook to do this is both useful and necessary to ensure usability in practice, and address the gaping hole left by shooting the compliance spec. Of course, this also supports US law (AB 370) as well as likely EU law as well.Specifically, I propose changes to section, 6.5.8 Policy Property, as follows:   
   - Change from MAY to SHOULD provide a policy property.
   - Either:   
a. Specify that while the exact details are out of spec, the Policy Property SHOULD inform users of what changes between DNT:0 and DNT:1, or   
b. Extend to have two different policy properties, one for DNT:0 and the other for DNT:1.   
(I suspect a is easier for users, and b is easier for implementors. I imagine others will have opinions as to which is better.)
   - Additionally, add the following text: User agents implementing Do Not Track SHOULD present this information to users when asking them to make decisions about tracking.
Of note: this leaves all text in the hands of the companies of how to describe things. It only requires that they do so (as with AB 370) and that they do so in a way that user agents can hook into to make DNT at all usable in practice. This is a mighty low bar.***
Again duplicative, but the warmest of best wishes to Shane! Fantastic news, and I wish you all happiness in your newly-wed life. Perhaps our spouses can form a DNT support group. :-)
 Aleecia

On Apr 23, 2017, at 8:02 PM, Aleecia M. McDonald <aleecia@aleecia.com> wrote:
I’ve submitted https://github.com/w3c/dnt/issues/35 in keeping with prior conversations. Sorry I’ve missed the last two calls. 

tl;dr — provide a standard hook for UAs to display to users what they are consenting to when they opt in / opt out. 

 Aleecia