- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 23 Aug 2012 17:47:59 -0700
- To: Tamir Israel <tisrael@cippic.ca>
- Cc: "public-tracking@w3.org WG" <public-tracking@w3.org>
On Aug 23, 2012, at 5:23 PM, Tamir Israel wrote: > But surely we should specify that compliance with the TPE includes ensuring out of band consent is only obtained by express means. Otherwise, since there's no obligation 'at large' to do so (at least in some jurisdictions), there's no reason to think that out of band consent will be anything of the sort. It could, in fact, be buried in a privacy policy or otherwise implied. I think you are focusing on a non-problem. There is no obligation in some jurisdictions to have consent of any kind, but that isn't applicable to this discussion. What DNT requires in a statement of compliance (the tracking status value) is either compliance to the limitations of "N", "1", or "3", or a claim by the site that it has prior consent from the user that overrides DNT. I don't know of any jurisdiction relevant to DNT that allows a company to claim it has consent when it does not, in fact, have consent. Consent is a state of being, not a process. How you obtain consent is a process. That process is not defined by the specs because it is out of band. The in-band process is called User-granted Exceptions. ....Roy
Received on Friday, 24 August 2012 00:48:12 UTC