RE: ACTION-141: Draft text on DNT Expressing a Tracking Preference

Rigo,

Thank you for developing this draft language.  Outside of smaller subjective edit suggestions I'll save for now, there does appear to be a larger logic issue towards the end of the text which I believe will need to be modified:

"Likewise, servers might make use of other preference information outside the scope of this protocol, such as site-specific user preferences or third-party registration services, to inform or adjust their behavior when no explicit preference is expressed via this protocol."

In the circumstance of "site-specific user preferences or third-party registration services" I believe we would consider these out-of-band user consent structures and therefore the language around "when no explicit preference is expressed via this protocol" is an incorrect statement as even WITH a preference expressed via this protocol, the out-of-band user consent would trump.

I would recommend you remove the last portion of the sentence starting with "when".

Result:
""Likewise, servers might make use of other preference information outside the scope of this protocol, such as site-specific user preferences or third-party registration services, to inform or adjust their behavior."

Thank you,
Shane
 
-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: Monday, March 05, 2012 5:00 AM
To: public-tracking@w3.org
Subject: ACTION-141: Draft text on DNT Expressing a Tracking Preference

Hi all, 

in our last teleconference I was complaining about the confusion between 
considerations for user agents and considerations for services. I got an 
action to write the changes I had in mind into concrete text. This is what 
I've done below. 

I've tweaked the wording to the user agent implementers and added wording on 
assumptions for the services receiving or not receiving a DNT header. IMHO, 
both things follow fundamentally different considerations. And this justifies 
to address user agents on the one side and services on the other side in two 
different sections. 

Best, 

Rigo


=============================================


      <h2>Expressing a Tracking Preference</h2>
	<section id='expression-format'>
        <h3>Expression Format</h3>

      <p>
	The tracking preference has two centers of attention: The user agent
	administrating the user's preference and interfacing as needed. And the
	service who implements its reaction to the expression or non-expression
	of a tracking preference.
      </p>
      <h4>User agent considerations</h4>
      <p>
        When a user has <a>enabled</a> a tracking preference, that
        preference needs to be expressed to all mechanisms that might perform
        or initiate tracking by third parties, including sites that the user
        agent communicates with via HTTP, scripts that can extend behavior on
        pages, and plug-ins or extensions that might be installed and
        activated for various media types.
      </p>
      <p>
        When <a>enabled</a>, a tracking preference is expressed by the user
	agent as either:
        <table class="simple" width="80%" align="center">
          <tr><th>DNT</th>
              <th>meaning</th>
          </tr>
          <tr><td align="middle">1</td>
              <td>The user prefers not to be tracked for the target site or
                  range of sites.</td>
          </tr>
          <tr><td align="middle">0</td>
              <td>This user prefers to allow tracking on the target site.<td>
          </tr>
        </table>
      </p>
      <p>
        If a tracking preference is <a>not enabled</a>, or hasn't been set
	by the user, then no preference is sent by the user agent.  This
	means that no expression is sent for each of the following cases:
        <ul>
          <li>the user agent does not implement this protocol; or</li>
          <li>the user agent does implement the protocol, but the user has
	    not yet or does not wish to indicate a preference at this time.</li>
        </ul>
      </p>
      <h4>Service considerations</h4>
      <p>
	A service receiving a tracking preference MUST assume the following:
      <table class="simple" width="80%" align="center">
	  <tr>
	    <th>DNT</th>
	    <th>meaning</th>
	  </tr>
	  <tr>
	    <td align="middle">1</td>
	    <td>This user prefers not to be tracked on the requested site.</td>
	  </tr>
	  <tr>
	    <td align="middle">0</td>
	    <td>This user allows tracking on the requested site.</td>
	  </tr>
	</table>
      </p>
      <p>
	If a service does not receive a DNT header or if the DNT header doesn't 
	contain the appropriate values as specified herein, the service can not
	assume any preference out of that interaction.
      </p>
      <p>
        Nevertheless, in the absence of regulatory, legal, or other
        requirements, servers MAY interpret the lack of an expressed tracking
        preference as they find most appropriate for the given user,
        particularly when considered in light of the user's privacy 
        expectations and cultural circumstances.  Likewise, servers might make
        use of other preference information outside the scope of this
        protocol, such as site-specific user preferences or third-party
        registration services, to inform or adjust their behavior when no
        explicit preference is expressedvia this protocol.
      </p>
      <p>
	In the absence of a preference expressed by the user, services are
	encouraged to use the <a
	href="#javascript_api_to_prompt_for_exceptions"> JavaScript API to
        prompt for exceptions</a> to determine the user's preference for
        further interactions.
      </p>

Received on Monday, 5 March 2012 12:49:05 UTC