W3C home > Mailing lists > Public > public-tracking-comments@w3.org > October 2017

Re: Mapping DNT to GDPR

From: Aleecia M. McDonald <aleecia@aleecia.com>
Date: Thu, 12 Oct 2017 15:18:57 -0700
Message-Id: <378FEE1A-FDEE-47F9-BA0C-5FED1C61E056@aleecia.com>
Cc: "public-tracking-comments w3.org" <public-tracking-comments@w3.org>
To: Robin Berjon <robin.berjon@nytimes.com>
Hello Robin,

A co-author and I argue that DNT may be used to fulfill GDPR depending on how browsers work [1]. 

The W3C working group has designed DNT from the start to be a tri-part state.
	DNT:1	- request not to be tracked
	DNT:0	- agreement to be tracked
	unset	- in the US, the user has not made a choice for privacy so it’s ok to still track them.
			- in the EU, the user has not consented to tracking, so it’s not ok to track them.

This is related to the point Roy raised, but a little different. Basically tracking as opt-in v. opt-out flips based on where the user is located. 

Roy’s point covers things like: it’s not ok for a general purpose browser to choose a setting for their users (i.e. IE.) At a purist level it does not even matter if the browser spams DNT:1 or DNT:0 for users who did not elect it themselves, it will break *somewhere* it is merely the details of how things break that change based on where the user is. 

The phrase “general purpose browser” above exempts things like privacy mode, or a plug-in for privacy, or a plug-in for more personalized ads and shopping suggestions. Those might reasonably send a specific DNT setting as part of how they serve their audience. But for all other general purpose browsers, if the user has not made a choice, don’t send a DNT signal.

Of course there are more details beyond this. I think Mike did a good job at the big picture so I’ll let that stand. Please feel free to contact me on or off list if I can be of assistance. 

	Aleecia
[1]  Zuiderveen Borgesius, F. J., and McDonald, A. M. (2015). Do Not Track for Europe. <http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2588086> 43rd Research Conference on Communication, Information and Internet Policy (Telecommunications Policy Research Conference) September 26, 2015.
Received on Thursday, 12 October 2017 22:20:44 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 12 October 2017 22:20:45 UTC