- From: Justin Brookman <jbrookman@cdt.org>
- Date: Thu, 23 Aug 2012 17:48:24 -0400
- To: public-tracking@w3.org
- Message-ID: <876c1ab6-c1ec-41fe-a6f0-44653b8785bf@blur>
No, what is obvious is that are advocating for two different levels of user intent: a high bar for turning on DNT in the first place, and a considerably lower bar for getting a user-granted exception to the DNT signal. A user agent must set its user interface very carefully to ensure that DNT is the clearly intentioned will of the user but a party, but a site only needs to abide by the law to get an exception to this c Sent via mobile, please excuse curtness and typos -----Original message----- From: "Roy T. Fielding" <fielding@gbiv.com> To: Justin Brookman <jbrookman@cdt.org> Cc: public-tracking@w3.org Sent: Thu, Aug 23, 2012 20:28:22 GMT+00:00 Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers On Aug 23, 2012, at 6:01 AM, Justin Brookman wrote: > It is inaccurate to say that IE10's implementation is inconsistent witht the spec, as the WG has not chosen an option to define explicit and informed consent. The Windows flow presents information about DNT along with several other options; as an opt-in flow, you could argue that DNT should be called out more prominently, but I have seen a lot worse. > > Please recall that the group previously rejected requiring consent to require distinct permission separate from other information, and you yourself wanted to leave open the possibility that consent could be obtained through a *privacy policy*. So it is certainly an open question whether IE10 meets the explicit and informed consent standard that the spec provides for. No, I said that a privacy policy is not by nature inconsistent with prior consent. It depends how the policy is constructed and presented to the user. In other words, they are orthogonal, whereas you assume that "privacy policy" means some long document elsewhere that is not presented to the user and does not have an affirmative choice option. I also said that prior consent is a state of being, and regulators can and do fine companies when they assume consent that has not actually been granted. None of that should be a surprise. It is sufficient to say "must have prior consent", without any further details whatsoever, because that's how existing laws work. What is missing from the MSIE co
Received on Thursday, 23 August 2012 21:48:37 UTC