ISSUE-43, ACTION-60: let the user know their options when arriving with Do Not Track

In Brussels there was some doubt about what ISSUE-43 ("Sites should be able to let the user know their options when they arrive with Do Not Track") meant and whether it was a duplicate or otherwise already resolved. Here are my interpretations and my suggested resolution.

Per ISSUE-50, which was closed way back on September 22nd, we agree that a Do Not Track header should be sent to the first party so that the publisher is aware of the user's preference and can provide options in case the publisher needs the tracking for monetization of content, for example. We also need to send the DNT header to the first party since there will be some minimal restriction even on first parties (of the form, "don't share this data with arbitrary third parties to effectively work around my DNT preference"). I elaborate on reasons we should still send DNT:1 on the first request here:

In addition, the JavaScript API (either the DOM property mirroring the header or the siteSpecificTrackingExceptions described in the Site-Specific Exceptions chapter) will give further visibility to the first party. And ISSUE-111 tracks the question of whether the first party should receive a different DNT value if it's in the situation of having some associated site-specific exceptions.

I suggest we keep ISSUE-43 closed. We could re-open if someone believes publishers will somehow not have enough visibility into this status or if changes to the spec would affect whether DNT:1 is sent to the first party or its JavaScript visibility.

Received on Monday, 30 January 2012 15:15:26 UTC