Re: Examples of successful opt-in implementations

We agreed it was directed at third parties, however it seems some people
(as we heard on the call today) are trying to turn DNT into something to
solve opt-in problems, presumably for first parties as well. I'm trying to
figure out how much of hole we're getting dug into :)

"No one has managed to figure this out in a deployable manner. Please give
us a solution by 1 January 2013" is a bit of a frightening thought :)

-Ian

On Wed, Jun 13, 2012 at 2:30 PM, Jonathan Mayer <jmayer@stanford.edu> wrote:

> The cookie manager widget at http://www.bt.com/ seems passable.
>
> At any rate, I'm unsure where this line of inquiry is going.  We've
> already agreed that Do Not Track is directed towards third parties, not
> first parties.
>
> Jonathan
>
> On Wednesday, June 13, 2012 at 3:18 PM, Dobbs, Brooks wrote:
>
>  Ian,
>
> I would say that I have seen some sites that are arguably one step closer,
> though not truly opt-in.
>
> If you look at http://www.nectar.com/ you’ll see a similar disclosure to
> that on the FT, but with a Cookie Consent link that takes you to a cookie
> inventory with a place for the status of each cookie and the purpose of
> each cookie.  Now while they get points for making a greater effort, I
> would say that the final result seems fairly problematic as: 1) though the
> site lists 52 cookie issuers, my personal packet sniff showed both that
> they included cookies that I didn’t come across (no problem - I didn’t
> actually read every page) AND missed cookies that I did come across
> (problem) and 2) a number of the 52 cookies issuers where listed as having
> “undisclosed” purposes with a specific inability to offer choice.
>
> So even if they took the particularly consumer annoying step of making the
> user go through 52 pop-up, opt-in screens, they still would not be opt-in
> compliant.
>
> Not trying to pick on them, just pointing out that, as you seem to
> suggest, we aren’t seeing a lot of (any?) real opt-in compliant websites in
> the wild, and that the closer they get, the more troubles they seem to make
> for themselves.
>
> -Brooks
>
>
> On 6/13/12 3:26 PM, "Ian Fette   (イアンフェッティ)" <ifette@google.com> wrote:
>
> Out of curiosity, on today's call two examples of "successful" opt-in
> implementations were given.
>
> 1. was the financial times - http://www.ft.com/home/us. This shows a
> popup saying the following: "FT Cookie Policy
> We have published a new cookie policy. It explains what cookies are and
> how we use them on our site. To learn more about cookies and their
> benefits, please view our cookie policy.
>
> If you'd like to disable cookies on this device, please view our
> information pages on 'How to manage cookies'. Please be aware that parts of
> the site will not function correctly if you disable cookies.
>
> By closing this message, you consent to our use of cookies on this device
> in accordance with our cookie policy unless you have disabled them."
>
> Before you even accept anything, I counted 40 cookies being set, including
> 18 from Financial Times. FT itself used HTML5 local storage in addition to
> the 18 cookies.
>
> 2. The other was the UK CIO's site -- this seems to be down at the moment.
> www.cio.gov.uk <http://www.cio.gov.uk>  redirects to some archive page.
> Taking another government site as an example, I see 7 cookies including
> GUIDs from http://www.cabinetoffice.gov.uk/content/privacy-policy
>
> So, I'd like to re-raise my question of whether anyone has actually
> successfully managed to deploy an opt-in compliant website in the wild...
>
> -Ian
>
>
> --
>
> *Brooks Dobbs, CIPP *| Chief Privacy Officer | *KBM Group* | Part of the
> Wunderman Network
> (Tel) 678 580 2683 | (Mob) 678 492 1662 | *kbmg.com*
> *brooks.dobbs@kbmg.com
>
>
> *
> This email – including attachments – may contain confidential information.
> If you are not the intended recipient,
>  do not copy, distribute or act on it. Instead, notify the sender
> immediately and delete the message.
>
>
>