- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Sat, 29 Dec 2012 18:28:13 -0000
- To: <public-tracking@w3.org>, <public-tracking-international@w3.org>
- Message-ID: <03d101cde5f2$43498370$c9dc8a50$@baycloud.com>
Here is a draft API that attempts to solve some of the inconsistencies between the Do Not Track signal and the EU requirement for explicit informed consent. It completes my action-346. The main reason for a new API is to allow per-user signalling of third-parties perhaps residing in different jurisdictions to the first-party. Because in Europe consent must be obtained by default there is a need to signal embedded third-parties that may be operating under different rules. Also, because contractual agreements between parties are rare, first-parties need to have a way to ensure that third-parties honour the (consent) signal in a way that meets the first-party's legal requirements. The API lets a first-party: . use DNT:0 as a consent signal for a subset of its own pages. . use wildcard characters for URI matching. . signal third-parties with DNT=1 as well as DNT=0. This lets the first-party signal that consent is necessary (e.g. because the site targets EU citizens), even if the DNT general preference is unset. . get the user-agent to block less trusted third-parties. HTTP requests to specified third-parties are skipped as if they were matched by a Tracking Selection List block rule, but only within the context of the first-party site. . override block rules in global Tracking Selection Lists if local consent has been given. It is designed to be multi-purpose and extensible. Wishing everyone a happy New Year Mike
Attachments
- application/octet-stream attachment: ConsentAPI.zip
Received on Saturday, 29 December 2012 18:28:49 UTC