Re: action-231, issue-153 requirements on other software that sets DNT headers

On 8/23/2012 8:19 PM, Roy T. Fielding wrote:
> On Aug 23, 2012, at 4:58 PM, Tamir Israel wrote:
>> Hi Roy,
>> On 8/23/2012 7:46 PM, Roy T. Fielding wrote:
>>> To obtain explicit and informed prior consent, we have to do something
>>> out of band that obtains explicit and informed consent.  I don't
>>> know exactly what that is, but I am sure it doesn't include giving
>>> a pre-selected option in a dialog during initial installation/use
>>> of an operating system default UA.
>> Is this obligation (that out of band consent mechanisms must reflect explicit and informed user consent) in the TPE?
> No, they are out of band mechanisms for the *purpose* of obtaining
> explicit and informed prior consent.  If the mechanisms don't work,
> that's not our problem to solve [no implied permissions are given
> just for trying].

But surely we should specify that compliance with the TPE includes 
ensuring out of band consent is only obtained by express means. 
Otherwise, since there's no obligation 'at large' to do so (at least in 
some jurisdictions), there's no reason to think that out of band consent 
will be anything of the sort. It could, in fact, be buried in a privacy 
policy or otherwise implied.


Received on Friday, 24 August 2012 00:24:55 UTC