- From: Rob van Eijk <rob@blaeu.com>
- Date: Wed, 02 May 2012 23:22:59 +0200
- To: Tracking Protection Working Group <public-tracking@w3.org>
On 25-4-2012 23:54, Tracking Protection Working Group Issue Tracker wrote: > tracking-ISSUE-143 (Reciprocal Consent): Activating a Tracking Preference must require explicit, informed consent from a user [Tracking Preference Expression (DNT)] > > http://www.w3.org/2011/tracking-protection/track/issues/143 > > Raised by: Shane Wiley > On product: Tracking Preference Expression (DNT) > > As we've developed draft text for obtaining explicit, informed consent from a user for out-of-bound user granted exceptions, it's equally important that activation of a tracking preference be coupled with the same explicit, informed consent. > > For example, activating a tracking preference should require explicit language identifying this as an option and informing the user of the scope of the option's application. > > For example, an security software package should NOT activate DNT by default (with an explanation buried deeply in their TOS or help center) and the user must explicitly select this option upon install/use of the product. > > Using this same test, I don't believe there is "explicit, informed" consent from users activating DNT within IE9's Traffic Protection Lists and this should be called out when a TPL is activated. > > To further support this view, much like response headers allow a party to respond to articulate when they've received out-of-band consent, I request that a similar element be added to request headers. In this model, a new data element would need to be added (perhaps in the extension) for a party to articulate that they have captured a user's consent to activate DNT and identify themselves in this manner as the "capturee" of the consent. It'll be vital that web browser vendors lock down the ability for a 3rd party tool or extension to mimic their signature in this process and only allow 3rd party tools to activate DNT on a user's behalf by articulating who they are. > > This way, if industry feels a party is inappropriately setting a tracking preference, we can take steps to discover which headers are coming from this party and take steps to request the party move to an "explicit, informed" consent model prior to honoring the DNT headers coming from the implementation of their tool. > > > > friendly amendment: If explicit consent is given during the install/update flow of the browser, the tracking preference for expressing consent must be considered valid for all parties. This way, as a starting point before surfing the web, a fair balance of business and privacy interests can be created. Rob
Received on Wednesday, 2 May 2012 21:23:25 UTC