RE: Proposed Text for Issue 71

Thanks Jonathan, its very helpful to separate the issue into these sub topics.

On (2), could you propose revised text? If I am understanding you correctly, I thought Ninja and I had attempted to address this concern through the following: "(third party) MUST NOT relate additional data from that HTTP request to existing profiles associated with that user-agent..."

Sent from my Windows Phone
From: Jonathan Mayer
Sent: 1/29/2012 9:55 AM
To: David Singer
Cc: JC Cannon; Amy Colando (LCA);;
Subject: Re: Proposed Text for Issue 71

To take a step back, there are at least five separate design decisions here:

1) May a third party merge a DNT user's information into an old profile?
This text says no, and I imagine that's a point of consensus or near-consenus in the group.

2) May a third party collect data from a DNT user that could be merged into an old profile?
This text says yes.  I strongly disagree.  (In general I share the view Brett Error from Adobe advocated in Cambridge: if a Do Not Track user can get tagged with a unique identifier cookie, we've probably done something wrong.)

3) May a third party retain the ability to resume profiling a DNT user if he or she ever disables DNT?
This text says yes.  I'm ok with it.  Note that this design decision is independent of the one just before.  Here's a quick sketch of a technical approach: if the user enables DNT, stash old tracking cookies in HTML5 local storage.  If the user disables DNT, pull the cookies back out.

4) Must a third party delete old profile data if a user enables DNT?
This text says no.  I'm ok with that.

5) Must a third party delete or scrub historical non-profile data if a user enables DNT?
This text says no.  I'm also ok with it.

On Jan 29, 2012, at 10:34 AM, David Singer wrote:


I think that the general principle is that a user who sometimes uses DNT:1 and sometimes no DNT, or DNT:0, would accumulate up to two distinct databases: one containing the normal tracking, the other containing only the data (if any) permitted and claimed by an exception.  The occasional use of DNT:1 would not cause a disruption in the continuity of the other database (e.g. if cookies were deleted, there would be a discontinuity on the next non-DNT visit).

On Jan 29, 2012, at 7:18 , JC Cannon wrote:

I would also like to clarify that cookies should not automatically be deleted due to the reception of a DNT signal. Cookies often have multiple purposes and auto-deletion could cause undesired consequences.


From: Amy Colando (LCA) []
Sent: Friday, January 27, 2012 2:57 AM
Subject: RE: Proposed Text for Issue 71

Thanks Frank.  The approach that we took below was that if the user if sending DNT 1, the only data collection/use that third parties could engage in would be the Exceptions elsewhere in the specification.  And yes, the text assumes that the data collected/used is identifiable (e.g., cookies or other identifiers associated with DNT request transaction).

I considered and rejected the automatic deletion of all previously collected data for the reasons stated in the proposed text.

Of course, if there is consent or override from the individual user, then these rules would not apply.



From:<> []<mailto:[]>
Sent: Thursday, January 26, 2012 9:48 AM
To: Amy Colando (LCA)
Subject: Re: Proposed Text for Issue 71

Sees to me that this is a scenario where we are talking about a combination of two or more mechanisms:
1) DNT
2) cookies or something similar to recognize the user

Form the EU perspective you can prevent the users from beeing re-recognized by deleting cookies at the same time when the user sets dnt=1.

Is this a way to handle this ?


Deutsche Telekom AG
Service Headquarters, Group Privacy
Frank Wagner
Deutsche-Telekom-Allee 7, 64295 Darmstadt, Germany
+49 6151 937-3514 (Phone)
+49 521 9210-1175 (Fax)
+49 175 181-9770 (Mobile)

Life is for sharing.

Deutsche Telekom AG
Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
Board of Management: René Obermann (Chairman),
Dr. Manfred Balz, Reinhard Clemens, Niek Jan van Damme,
Timotheus Höttges, Claudia Nemat, Thomas Sattelberger
Commercial register: Amtsgericht Bonn HRB 6794
Registered office: Bonn

Big changes start small – conserve resources by not printing every e-mail.

Am 26.01.2012 um 17:32 schrieb "Amy Colando (LCA)" <<>>:
Here is text that Ninja and I worked on. Ninja, I incorporated most of your edits, but please feel free to comment and suggest text, as should others.

Issue number: 71
Issue name: Does DNT also affect past collection or use of past collection of info?
Issue URL:
Section number in the FPWD: 4.3
Contributors to this text:
Ninja Marnau
Amy Colando


This is particularly of interest in Europe, where consent may only apply to information that will be collected in the future, not retrospectively. If DNT does affect prior data collection, how does that work in practice? What are companies responsible for?

DNT signal affects the HTTP request that it accompanies, and may be modified by the user.  As such, the DNT signal is transactional and granular in nature, and should not affect data previously gathered.


•         When a third party receives a DNT signal, it MUST NOT relate additional data from that HTTP request to existing profiles associated with that user-agent that are based on data that the third party has previously collected across sites over time; this is  except as permitted by Exceptions stated elsewhere in this specification (e.g., user override, frequency capping, billing, silo-ed analytics).
•         Additionally, the entity MUST NOT use identifiers that it can determine were collected from the same user agent before the DNT signal was received, except as permitted by Exceptions, for as long as it continues to receive a DNT signal from that user-agent.
•         The entity MAY take additional steps with respect to previously collected DNXT data such as deleting data before its usual expiration. However, as DNT signal affects only HTTP request that it accompanies and may be modified by the user, it is not recommended that special deletion take place without some notice to user(s).

Examples and Use Cases:

1.      User visits Site A, to which Ad Network B delivers advertisements.  Ad Network B has accumulated transactional information about User from User’s visits to Site A and other non-affiliated sites in the past. However, User now sends DNT signal with HTTP request during this session on Site A.  Ad Network B cannot add information from current HTTP request from Site A session to any profile it maintains on User. Since it must not collect and any data from this session and relate it to previously collected data, Network B must regard and treat him like completely unknown user to them, absent any Exceptions or override from user.

2.      Same as above scenario.  Based on transactional information collected about User’s visits to non-affiliated sites in the past, Ad Network B has placed User into Technology Shopper Segment.  Since Ad Network B must not recognize User during sessions in which User is sending DNT signal via that browser, it cannot deliver Technology Shopper advertisement to User’s browser, absent obtaining override from user.  Ad Network B may instead choose to deliver a random ad, an ad based on the context of Site A, or an ad based on general location based on IP address transmitted with HTTP

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Sunday, 29 January 2012 11:49:49 UTC