- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 02 Apr 2012 18:21:34 +0200
- To: Alan Chapell <achapell@chapellassociates.com>
- Cc: public-tracking@w3.org, Jeffrey Chester <jeff@democraticmedia.org>, Shane Wiley <wileys@yahoo-inc.com>, Jonathan Mayer <jmayer@stanford.edu>, David Singer <singer@apple.com>, John Simpson <john@consumerwatchdog.org>
Alan, I see, and because of the lack of understanding, your remark below is a logic consequence. Let me try again: On Monday 02 April 2012 11:40:28 Alan Chapell wrote: > I'm having a hard time understanding some of your arguments. You say the > group should not be creating standards for consent. And then you also say > that we are creating a consent requirement - and one which others have > indicated should be outlined in considerable detail. Sorry, but I'm afraid > you've lost me. If we write into the Specification that out of band agreements trump DNT, then the Specification can also contain requirements on what "out of band agreement" could possibly mean for our _Specification_. Because all we define is a Specification you can comply to or not. We do not define any law here. So the definition of consent (if any) is scoped to DNT and DNT compliance, not to data protection in general. This scope is _very_ important to the further understanding. We could also be silent on out of band agreements. They may legally trump DNT in some jurisdictions. And in others they wouldn't. Or the out of band agreements would have some requirements in some jurisdictions. This would not affect DNT compliance. In this case, tracking despite DNT=1 by claiming an out of band agreement would be eventually legally clean, but not DNT compliant. > > And I don't believe we are here because regulators are unable to determine > standards of fairness for their jurisdiction. If the goal is to set out a > detailed level of requirements around 'consent' that will work in every > jurisdiction, then I think we're in for a long discussion that will push > the development of our spec out several months. 1/ JC already made a really good suggestion for compromise 2/ we can always fall back to saying nothing or saying that out of band agreements trigger a special response header. On browsers to decide how to react in this case. Again, this is NOT defining any form of "legal consent" for the world. It is just defining compliance with a rather small Specification. Wiggling out of DNT with a click-wrap and still claim DNT compliance is not an option either IMHO. Best, Rigo
Received on Monday, 2 April 2012 16:22:08 UTC