- From: Matthias Schunter <mts-std@schunter.org>
- Date: Fri, 13 Apr 2012 03:47:39 +0200
- To: "public-tracking@w3.org" <public-tracking@w3.org>
Hi Folks,
I had an interesting discussion with Alex where we discovered that we
have different opinions on what third parties are permitted to do once
they received an exceptions.
Assumption/scenario is that the user sends DNT;1 unless there is a
user-granted exception.
Please reply if you believe that any of the following statements is wrong:
1. If a third party receives DNT;1 and has no out of band exception, it
is required to follow the constraints for third parties (as defined in
the compliance spec)
[I believe that this, e.g., means that in general it cannot
correlate data from this interaction with data obtained elsewhere]
2. If a third party receives DNT;0 (e.g., since it has obtained an
exception) then its behavior is not constrained by DNT.
3. This, e.g., imples that if a third party is embedded in multiple
sites and has exceptions on all those sites (i.e., DNT;0 is sent) then
this third party can
- use the same cookies with unique IDs on all sites
- correlate the obtained data in any way (at least no constraints
from us)
- and, e.g., use the cookies to track unique visitors
Regards,
matthias
Received on Friday, 13 April 2012 01:48:00 UTC