RE: Are blanked exceptions usable in the EU? [ISSUE-129]

Matthias,

Yes - I believe I've echoed this in several email threads on the list.  A site-wide exception would be incredibly beneficial to publishers and may be used almost in exclusivity over strictly named 1st party / 3rd party domain value pairs.

User Granted Exceptions
Site-Specific Exception:  Known 1st Party / Known 3rd Party
Site-Wide Exception:  Known 1st Party / *
Web-Wide Exception:  * / Known 3rd Party

- Shane

From: Matthias Schunter [mailto:mts-std@schunter.org]
Sent: Monday, March 26, 2012 3:34 PM
To: public-tracking@w3.org
Subject: Re: Are blanked exceptions usable in the EU? [ISSUE-129]

Hi Shane/Kimon


thanks for your responses.

Is your suggestion (from a technology/TPE perspective), that the feature is useful (and should be there)
while it may not be usable/useful under some legislations?

This means that whether, or to what extent, the feature is actually used is up to competition, legislation, or other factors external to the TPE document.

Nevertheless, I believe that (if we allow an exception for "*" as a third party), a viable question is still how a user can actually find out what third parties are used at a given time by a given site.

Other opinions?


Regards,
matthias


On 26/03/2012 19:34, Shane Wiley wrote:
Ninja and I haven't had an opportunity to connect on this topic yet.

As Kimon rightly points out, there are varying EU country-level interpretations of appropriate consent expression.  My belief is for an Exchange level interaction, if the serving party is significantly limited in their data use (collected upon ad bid), then there is a fair argument that the party may be acting more as a data processor (service provider) than a controller at that moment and therefore may not need consent at all.  If you layer this on top of a broad user consent mechanism (must appropriately and fairly articulate to the user the breadth of their exception - aka "*") then this may be acceptable from an EU Data Protection Directive (and further through the draft Data Protection Regulation) - especially as tools are available within browsers today to accept or reject individual 3rd parties as they are introduced to a user.

This discussion is more rightly placed in the companion document we discussed last week as outside of the standards document.  I don't believe we should develop any country specific features for DNT and instead allow guidance for each country's legal system to begin to tease this out (many elements are in legal "grey areas").

As I believe Kimon and Ninja would agree, there is not a bright-line rule in this case and therefore there will be considerable discussion/debate on this topic (and others related to DNT) within the EU (and other legal jurisdictions, including the US).

- Shane

From: Kimon Zorbas [mailto:vp@iabeurope.eu]
Sent: Monday, March 26, 2012 12:39 PM
To: Matthias Schunter; Ninja Marnau; Shane Wiley
Cc: public-tracking@w3.org
Subject: Re: Are blanked exceptions usable in the EU? [ISSUE-129]

Hi Matthias,

I am not clear what the purpose would be? The E-Privacy Directive is not harmonised across the EU and as a consequence there cannot be a certain answer to what consent means (or how far it goes) or how such consent can be expressed (we believe browser settings can be used but it's not that easy either). Sorry for not being able to give a simple response on this.

Kind regards,
Kimon
----- Reply message -----
From: "Matthias Schunter" <mts-std@schunter.org>
To: "Ninja Marnau" <ULD66@datenschutzzentrum.de>, "Shane Wiley (yahoo)" <wileys@yahoo-inc.com>
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Subject: Are blanked exceptions usable in the EU? [ISSUE-129]
Date: Mon, Mar 26, 2012 6:33 pm

Hi Ninja/Shane,


during our last call, you disagreed whether it is OK (=considered
sufficient consent) from an EU legal perspective that an individual
accepts an exception for "any" third party used on a given site.

While I understood there is no problem to agree to a defined list
"thirdparty1, thirdparty2, ...", there seems to be a problem if this
list is undefined.

A second question is whether an OK to 'any' is OK if the user can then
later learn what parties were actually in use.

How about either agreeing offline or else starting this discussion on
the list?

FYI: From a technical perspective, it is OK to include a function that
would not be usable in the EU, however, in this case some guidance for
sites may be helpful anyway.


Regards,

Matthias

Received on Monday, 26 March 2012 19:46:04 UTC