Re: Delta Document

Just to echo Vinay and having been on a panel with a COM representative: they consider that 5.3 allows for both: explicit consent and implied consent.
That explains from another stakeholder's perspective what Vinay heard.

Kind regards,
Kimon

----- Reply message -----
From: "Vinay Goel" <vigoel@adobe.com>
To: "Rigo Wenning" <rigo@w3.org>, "public-tracking-international@w3.org" <public-tracking-international@w3.org>
Cc: "Nicole Nauen" <nicole.nauen@nugg.ad>
Subject: Delta Document
Date: Thu, Apr 25, 2013 11:54 am



Hi Rigo,

Thanks for doing this!  I've finally had the opportunity to digest this
and to speak directly with both EU-based global companies and EU-only
companies.  In all of my discussions with 20+ customers, I've yet to find
a company that thinks what this task force is producing would help
significantly in compliance with the ePrivacy Directive.

Specifically, you state "First it would allow the user to signal consent
without being annoyed by opening pop-ups or JavaScript window shades." in
section 2.2. It is important to note that the majority of countries in the
EU do allow for a weaker consent requirement for analytics cookies (an
implied consent model).  Because of this, these companies do NOT need an
explicit/affirmative action (setting DNT:0) to conduct analytics.  These
companies plan to perform first-party analytics to users/browsers with
DNT:1 set -- what they would do is put an implied consent window
shade/overlay.  And, they would argue that this is sufficient with EU law
for their market.  I suspect VERY few consumers will opt-in (set DNT:0)
browser-wide unless the browsers better educate users on the drawbacks to
DNT:1.  So, all of the customers I've spoken to are still going to develop
their own implied consent model for analytics.  They are still going to
deploy them across their site.  Its significantly cheaper for them to do
this than to modify its servers (which handle their websites globally) to
treat the DNT signal differently for EU markets.  They understand that the
pending Regulation may change all of this, but its too early to tell what
will be required within the new regulation for our customers to design for
anything now.

I completely agree/acknowledge that a DNT:0 setting would be extremely
helpful for ad network-type companies that engage in cross-site tracking
(activities that most DPAs and the Article 29 Working Party suggest
require explicit consent).  But, at least in my discussions with companies
that collect data for its own uses under an implied consent model, they
don't see much value/significance for DNT:0 because they are afraid it
would change (remove) their ability to rely on implied consent for
analytics.

Do you know of companies that would prefer to use DNT:0 (as consent for
analytics) and would actually get rid of its implied consent
pop-up/window-shade?

-Vinay


On 4/2/13 9:40 AM, "Rigo Wenning" <rigo@w3.org> wrote:

>Dear all,
>
>as we agreed at the Berlin meeting, before making any further decision,
>we wanted to see the deltas to the EU environment and potential areas of
>issues.
>
>As promised, I made a first Draft that is now open for comment and
>improvement:
>
>http://www.w3.org/2011/tracking-protection/1303-gloco-delta.html
>
>You can either comment in email to the list or you can import the HTML
>into your favorite word-processing tool and activate the change-control
>or you can edit the html with a text editor and markup your changes with
><ins></ins> and <del></del> and send me the resulting page per email.
>
>All people with CVS access can directly edit the source file while
>respecting the change-control indicated above.
>
>Please comment by Tuesday next week as I want to have a first round of
>comments before scheduling a teleconference.
>
> --Rigo
>