action-346 issue-189 A new API linking EU consent and DNT.

 

Here is a draft API that attempts to solve some of the inconsistencies
between the Do Not Track signal and the EU requirement for explicit informed
consent. It completes my action-346.

 

The main reason for a new API is to allow per-user signalling of
third-parties perhaps residing in different jurisdictions to the
first-party.

 

Because in Europe consent must be obtained by default there is a need to
signal embedded third-parties that may be operating under different rules.  

 

Also, because contractual agreements between parties are rare, first-parties
need to have a way to ensure that third-parties honour the (consent) signal
in a way that meets the first-party's legal requirements. 

 

The API lets a first-party:

.        use DNT:0 as a consent signal for a subset of its own pages.

.        use wildcard characters for URI matching.

.        signal third-parties with DNT=1 as well as DNT=0. This lets the
first-party signal that  consent is necessary (e.g. because the site targets
EU citizens), even if the DNT general preference is unset. 

.        get the user-agent to block less trusted third-parties. HTTP
requests to specified third-parties are skipped as if they were matched by a
Tracking Selection List block rule, but only within the context of the
first-party site. 

.        override block rules in global Tracking Selection Lists if local
consent has been given.

 

It is designed to be multi-purpose and extensible.

 

Wishing everyone a happy New Year

 

Mike

Received on Saturday, 29 December 2012 18:28:49 UTC