- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Thu, 12 Apr 2012 18:53:08 -0700
- To: Matthias Schunter <mts-std@schunter.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Matthias, That captures my understanding as well. Where was the disconnect? - Shane -----Original Message----- From: Matthias Schunter [mailto:mts-std@schunter.org] Sent: Thursday, April 12, 2012 9:48 PM To: public-tracking@w3.org Subject: Permitted behavior of third parties under user-granted exceptions? Hi Folks, I had an interesting discussion with Alex where we discovered that we have different opinions on what third parties are permitted to do once they received an exceptions. Assumption/scenario is that the user sends DNT;1 unless there is a user-granted exception. Please reply if you believe that any of the following statements is wrong: 1. If a third party receives DNT;1 and has no out of band exception, it is required to follow the constraints for third parties (as defined in the compliance spec) [I believe that this, e.g., means that in general it cannot correlate data from this interaction with data obtained elsewhere] 2. If a third party receives DNT;0 (e.g., since it has obtained an exception) then its behavior is not constrained by DNT. 3. This, e.g., imples that if a third party is embedded in multiple sites and has exceptions on all those sites (i.e., DNT;0 is sent) then this third party can - use the same cookies with unique IDs on all sites - correlate the obtained data in any way (at least no constraints from us) - and, e.g., use the cookies to track unique visitors Regards, matthias
Received on Friday, 13 April 2012 01:53:54 UTC