tracking-ISSUE-189 (EUConsent): Explicit informed consent mechanism needed [Global Considerations]

This should also have gone to the GC list, so here it is for people on that list but not on the main one.


http://www.w3.org/2011/tracking-protection/track/issues/189

Raised by: Mike O'Neill
On product: Global Considerations

There is a fundamental inconsistency between the current understanding of the DNT signal and a consent signal that would meet the European legal requirement for explicit informed consent (EIC). EIC must have been given before action is taken to identify users, so if DNT is unset, European servers would either need another mechanism or assume consent was absent, which does not correspond to the current TPC. It is also unlikely that the interpretation of DNT by receiving servers as specified in the TPC will be the same as the interpretation required for receiving Data Controllers & Processors for presence or absence of an EIC signal.
The Working Group is the natural place to design an EIC mechanism as all the expertise and focus on the issue is already here.
It would be very useful to have a technical mechanism for signalling EIC. The advantage the DNT mechanism had in this context was that the header is also sent to third-parties (in the HTTP sense), and the UGE API gives first-party sites the ability to control it for third-parties. It should also be possible to do this for an EIC signal.
The GC group should define what an EIC should mean (e.g. “action can be taken to identify this user for legal purposes”) and suggest a technical way it could be set and signalled. We should then ask the Working Group to ensure that normative text to describe the mechanism is put into the TPE alongside the DNT UGE mechanism.

Mike

Received on Thursday, 22 November 2012 08:33:23 UTC