RE: Yet another DNT Act

The IABEU's TCF (Transparency & Consent Framework) has no way for a 3rd
party embedded resource (i.e. an ad exchange) to retain a consent signal
from a 1st party i.e. publisher site without using a 3rd party cookie or
other storage.

Before ITP et al they had the "euconsent" cookie in the *
domain. This had an issue that it could only signal consent across the web
(web-wide not site-specifically), but they liked that.

After ITP they only have 1st party cookies left - on Safari, and also soon
Firefox while Google is soon making them self-declare cookies as
SameSite=None on Chrome.

They can still signal consent using an elaborate JavaScript posMessage
scheme on every page-load, but this has too high a latency for RTB (Real
Time Bidding). 

Also ITP2.1 reduced the time-to-live for JavaScript placed 1st party cookies
to 7 days, now further reduced in some circumstances to 24 hours (ITP2.2).


So they have to get the browser companies to give them an exemption for
their cookies, not likely given the web-wide only signalling issue, or have
access to a cross-domain controllable header. 


DNT already has that.










From: Craig Spiezle <> 
Sent: 20 May 2019 17:18
Subject: RE: Yet another DNT Act


Thanks for forwarding.  I am hopeful one of these efforts gains traction and
bi-partisan support.  On a related note I find it somewhat ironic that IAB
now states it is in support of providing users more control over tracking.


I guess the devil is in the details



From: Mike O'Neill <
<> > 
Sent: Monday, May 20, 2019 8:52 AM
To: <> 
Cc: <> 
Subject: Yet another DNT Act


If this gets cross-party support.





Received on Monday, 20 May 2019 17:40:55 UTC