Last Call comment: require public-facing statement of server response policy

To the extent that one objective of the TPE standard is to ensure that a server’s communication of its tracking status value is enforceable under Section 5 of the FTC Act or another similar regulatory regime, the TPE specification should require the server to describe within its privacy policy or other public-facing documents the meaning of its TSV and how the server responds to users’ tracking preferences.

The Last Call Document already requires an analogous explanation in a similar context.

"6.2.8 Disregarding (D)

A tracking status value of D means that the origin server is unable or unwilling to respect a tracking preference received from the requesting user agent. An origin server that sends the D tracking status value must detail within the server's corresponding privacy policy the conditions under which a tracking preference might be disregarded.

For example, an origin server might disregard the DNT field received from specific user agents (or via specific network intermediaries) that are deemed to be non-conforming, might be collecting additional data from specific source network locations due to prior security incidents, or might be compelled to disregard certain DNT requests to comply with a local law, regulation, or order."

It therefore appears reasonable and within scope of the TPE specification to require the same level of public, human-readable disclosure as to a server's response policy when it respects a tracking preference.

Obviously, servers may respond in different ways depending on the nature of the incoming request; the major variations would, in our view, be sufficient. The point is that there must at least be a public representation of the response policy.

Thanks,
Lee

-- 
Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation
815 Eddy Street
San Francisco, CA 94109
(415) 436-9333 x 102 (tel)
(415) 436-9993 (fax)
tien@eff.org

Received on Tuesday, 17 June 2014 22:57:32 UTC