- From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
- Date: Wed, 11 Oct 2017 15:29:01 +0200
- To: Shane M Wiley <wileys@oath.com>, Mike O'Neill <michael.oneill@baycloud.com>
- Cc: public-tracking@w3.org, Shane Wiley <wileys@yahoo-inc.com>
Hi Shane, thanks a lot for documenting this important usage. If I understood correctly, your goal is to bind consent to a set of purposes. I.e. the goal is that a party can obtain information on "yes, I obtained consent for purpose2, 8, and 15 from the user browsing the page. While including purpose into UGE is a viable option, it may not be the best way to achieve your goal. If a site can learn (per user) what purposes have been enabled, then fingerprinting risks may be high. It may be hard for us to define the right set of purposes. Finally, I expect that we are not allowed to extend beyond year end unless new members join our WG - A delay may be deadly in this case. I see two potential ways to implement what you need and would like to discuss different implementation options (not sure whether mine work indeed better): 1. STATIC PURPOSES PER SITE - A site documents a set of purposes SP in its privacy policy (and potentially (extension) in the TSR - A site explains the purposes to the user - A user grants consent - The site registers an UGE - Next time, the site obtains a DNT;0 - The site knows that it now has consent for the purposes in SP 2. DYNAMIC PURPOSES PER SITE - A site documents a set of purposes SP in its privacy policy (and potentially (extension) in the TSR - A site explains the purposes to the user - Each user grants consent _TO A SUBSET OF THE PURPOSES_ - One of these purpose must be setting a cookie for keeping preferences - The site registers an UGE (this at least allows setting a cookie) - The site stores a cookie that contains or links to the consented purposes - Next time, the site obtains a DNT;0 - The site retrieves the cookie - The site knows that it now has consent for the purposes referenced by the cookie I suggest whether we find a viable way to implement your usage. If you have additional implementors, I would like to invite them to the group (as visitors) to explain their requirements in order to understand the constraints further. Regards, matthias On 10.10.2017 03:26, Shane M Wiley wrote: > Submitted: https://github.com/w3c/dnt/issues/60 > > - Shane > > On Mon, Oct 9, 2017 at 9:09 AM, Shane M Wiley <wileys@oath.com > <mailto:wileys@oath.com>> wrote: > > Working on it now - will have it out by days end (apologies - > attending a wedding across the coast last week so I'm a bit behind). > > - Shane > > On Sun, Oct 8, 2017 at 10:23 AM, Mike O'Neill > <michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com>> > wrote: > > Is this an issue posted recently? I see nothing on the list. > > > > -----Original Message----- > From: Matthias Schunter (Intel Corporation) > [mailto:mts-std@schunter.org <mailto:mts-std@schunter.org>] > Sent: 08 October 2017 16:25 > To: public-tracking@w3.org <mailto:public-tracking@w3.org> > (public-tracking@w3.org <mailto:public-tracking@w3.org>) > <public-tracking@w3.org <mailto:public-tracking@w3.org>> > Subject: Next 2 calls canceled (Oct 09 and Oct 16) > > Hi Folks, > > I will be travelling for 2 weeks. I suggest to cancel the call > tomorrow > (Oct 08) and the week afterwards (Oct 16). > Sorry for the short notice. > > In the subsequent call, I would like to discuss the issue Shane > raised. > Shane: Could you outline your usage/requirements/issue in the github > issue tracker? > > > Regards, > matthias > > > > > > -- > - Shane > > Shane Wiley > VP, Privacy > Oath: A Verizon Company > > > > > -- > - Shane > > Shane Wiley > VP, Privacy > Oath: A Verizon Company
Received on Wednesday, 11 October 2017 13:29:33 UTC