Re: action-231, issue-153 requirements on other software that sets DNT headers

On Aug 23, 2012, at 5:23 PM, Tamir Israel wrote:
> But surely we should specify that compliance with the TPE includes ensuring out of band consent is only obtained by express means. Otherwise, since there's no obligation 'at large' to do so (at least in some jurisdictions), there's no reason to think that out of band consent will be anything of the sort. It could, in fact, be buried in a privacy policy or otherwise implied.

I think you are focusing on a non-problem.  There is no obligation
in some jurisdictions to have consent of any kind, but that isn't
applicable to this discussion.

What DNT requires in a statement of compliance (the tracking status
value) is either compliance to the limitations of "N", "1", or "3",
or a claim by the site that it has prior consent from the user that
overrides DNT.

I don't know of any jurisdiction relevant to DNT that allows a
company to claim it has consent when it does not, in fact, have consent.

Consent is a state of being, not a process.  How you obtain consent
is a process.  That process is not defined by the specs because it
is out of band.  The in-band process is called User-granted Exceptions.


Received on Friday, 24 August 2012 00:48:12 UTC