Re: action-231, issue-153 requirements on other software that sets DNT headers

On Aug 23, 2012, at 6:01 AM, Justin Brookman wrote:

> It is inaccurate to say that IE10's implementation is inconsistent witht the spec, as the WG has not chosen an option to define explicit and informed consent.  The Windows flow presents information about DNT along with several other options; as an opt-in flow, you could argue that DNT should be called out more prominently, but I have seen a lot worse.
> 
> Please recall that the group previously rejected requiring consent to require distinct permission separate from other information, and you yourself wanted to leave open the possibility that consent could be obtained through a *privacy policy*.  So it is certainly an open question whether IE10 meets the explicit and informed consent standard that the spec provides for.

No, I said that a privacy policy is not by nature inconsistent
with prior consent. It depends how the policy is constructed and
presented to the user.  In other words, they are orthogonal, whereas
you assume that "privacy policy" means some long document elsewhere
that is not presented to the user and does not have an affirmative
choice option.  I also said that prior consent is a state of being,
and regulators can and do fine companies when they assume consent
that has not actually been granted.  None of that should be a surprise.
It is sufficient to say "must have prior consent", without any
further details whatsoever, because that's how existing laws work.

What is missing from the MSIE configuration dialog, given this is
a UA installed by default by the operating system and thus not
reflective of a user's choice on its own, is an affirmative choice
made by the user for a tracking preference to be enabled, and a
default (in the absence of choice) as unset.  That is obvious.

....Roy

Received on Thursday, 23 August 2012 20:27:25 UTC