W3C home > Mailing lists > Public > public-tracking@w3.org > April 2012

RE: Permitted behavior of third parties under user-granted exceptions?

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Thu, 12 Apr 2012 18:53:08 -0700
To: Matthias Schunter <mts-std@schunter.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D11A996D7@SP2-EX07VS02.ds.corp.yahoo.com>

That captures my understanding as well.  Where was the disconnect?

- Shane

-----Original Message-----
From: Matthias Schunter [mailto:mts-std@schunter.org] 
Sent: Thursday, April 12, 2012 9:48 PM
To: public-tracking@w3.org
Subject: Permitted behavior of third parties under user-granted exceptions?

Hi Folks,

I had an interesting discussion with Alex where we discovered that we
have different opinions on what third parties are permitted to do once
they received an exceptions.
Assumption/scenario is that the user sends DNT;1 unless there is a
user-granted exception.

Please reply if you believe that any of the following statements is wrong:

1. If a third party receives DNT;1 and has no out of band exception, it
is required to follow the constraints for third parties (as defined in
the compliance spec)
    [I believe that this, e.g., means that in general it cannot
correlate data from this interaction with data obtained elsewhere]

2. If a third party receives DNT;0 (e.g., since it has obtained an
exception) then its behavior is not constrained by DNT.

3. This, e.g., imples that if a third party is embedded in multiple
sites and has exceptions on all those sites (i.e., DNT;0 is sent) then
this third party can
    - use the same cookies with unique IDs on all sites
    - correlate the obtained data in any way (at least no constraints
from us)
    - and, e.g., use the cookies to track unique visitors

Received on Friday, 13 April 2012 01:53:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:40 UTC