To me this is the crux of the issue. Consent is not binary, and no one
will pretend you need a user's expression so that you can *not* track
them. But the spec currently treats these as the same. That does not
reflect legal or practical realities.
On 6/13/2012 2:26 AM, Nicholas Doty wrote:
>> Two cases come to mind:
>>
>> 1. If a UA sends a DNT:1 by default, AND this is truly the
>> preference of the user, if the server fails to respond
>> accordingly to DNT:1 then arguably compliance has not been
>> achieved.
>> 2. If, conversely, a server honors a well formed DNT:1 set by a
>> vendor or intermediary, absent such being the actual preference
>>    of the user, again preference has not been honored and
>> compliance not maintained.
>>
> For the second case: I'm not aware of anything in draft specifications
> that would make a server non-compliant if it treated a user that
> hadn't expressed a DNT:1 preference as if it had. For example, we
> don't have any requirements that a user who arrives with DNT:0 must be
> tracked. You might confuse a user if you provide a very different
> experience under DNT:1 and it was inserted by an intermediary
> unbeknownst to the user, but I don't see any issues with compliance
> with this group's specifications.