- From: Rob van Eijk <rob@blaeu.com>
- Date: Fri, 04 May 2012 08:52:37 +0200
- To: public-tracking@w3.org
- Message-ID: <4FA37CB5.80705@blaeu.com>
Kimon, Ian, I agree the two do not need to be coupled so closely. But it is an invitation to look it freshly. The topic at hand is to write up more detailed list of use cases for origin/origin exceptions. Nick and Jonathan did an excellent job to start this thread. Every technical aspect in the TPE that can ease the hurdle of 5.3 compliance should be taken seriously in my view. So I respectfully ask to not shift it to the out-of-scope bin too fast. Rob On 4-5-2012 0:37, Ian Fette (イアンフェッティ) wrote: > I also think that a site is fully capable of describing its practices > outside of the context of the request for exceptions. The two need not > be coupled so closely. > > On Thu, May 3, 2012 at 3:27 PM, Kimon Zorbas <vp@iabeurope.eu > <mailto:vp@iabeurope.eu>> wrote: > > Rob, > > Are we not mixing up legal and technical issues here? I am not > sure I understand how consent can be handled the way you describe, > given differing and inconsistent transpositions (and some missing) > of the E-Privacy Directive. While I'd be excited having a > technical solution to the the legal challenge, I'm not optimistic > this can be resolved here. > > Kind regards, > Kimon > > Kimon Zorbas Vice President IAB Europe > > IAB Europe - The Egg > Rue Barastraat 175 > 1070 Brussels - Belgium > Phone +32 (0)2 5265 568 <tel:%2B32%20%280%292%205265%20568> > Mob +32 494 34 91 68 <tel:%2B32%20494%2034%2091%2068> > Fax +32 2 526 55 60 <tel:%2B32%202%20526%2055%2060> > vp@iabeurope.eu <mailto:vp@iabeurope.eu> > Twitter: @kimon_zorbas > > www.iabeurope.eu <http://www.iabeurope.eu> and > www.interactcongress. eu > > IAB Europe supports the .eu domain name www.eurid.eu > <http://www.eurid.eu> > > IAB Europe is supported by: > > Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, > Finland, France, Germany, Greece, Hungary, Ireland, Italy, > Netherlands, Norway, Poland, Romania, Russia, Serbia, Slovakia, > Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine and United > Kingdom representing their 5.000 members. The IAB network > represents over 90% of European digital revenues and is acting as > voice for the industry at National and European level. > > IAB Europe is powered by: > > Adconion Media Group, Adobe, ADTECH, Alcatel-Lucent, AOL > Advertising Europe, AudienceScience, BBCAdvertising, CNN, comScore > Europe, CPX Interactive, Criteo, eBay International Advertising, > Expedia Inc, Fox Interactive Media, Gemius, Goldbach Media Group, > Google, GroupM, Hi-Media, Koan, Microsoft Europe, Millward Brown, > News Corporation, nugg.ad <http://nugg.ad>, Nielsen Online, OMD, > Orange Advertising Network, PHD,Prisa, Publicitas Europe, Quisma, > Sanoma Digital, Selligent, TradeDoubler, Triton Digital, United > Internet Media, ValueClick, Verisign, Viacom International Media > Networks, White & Case, Yahoo! and zanox. > > IAB Europe is associated with: Advance International Media, > Banner, Emediate, NextPerformance, Right Media, Tribal Fusion and > Turn Europe > > > ----- Reply message ----- > From: "Rob van Eijk" <rob@blaeu.com <mailto:rob@blaeu.com>> > To: "public-tracking@w3.org <mailto:public-tracking@w3.org>" > <public-tracking@w3.org <mailto:public-tracking@w3.org>> > Subject: ACTION-172: Write up more detailed list of use cases for > origin/origin exceptions > Date: Fri, May 4, 2012 12:06 am > > > > Explicit/explicit gives Controllers the opportunity to signal > which 3rd parties are processors. Because the controller > determines the purpose and means, controller is responsible for > valid consent in the EU. > > So my use case [A] would be: a DNT:0 signal sent to the limited > and known list of processors, who are bound by a legal contract, > i.e. the processor agreement. In my opinion, this is not the use > case to use the '*' parameter, i.e. MUST NOT be used. In this case > the list [Inc_A,Inc_B,...,Inc_Z] SHOULD/MUST be used. > > Use case [B]: a DNT:0 signal to service providers, not being > processors, but as a result controllers themselves or in some > cases joint controller. It could be useful, but I haven't given it > a lot of thought. My assumption for DNT:0 to be useful in this > scenario is that the browser reflects user consent. This implies > that the user has made an informed choice, preferably in the > install/update flow of the browser to use DNT technology as a > granular consent expression mechanism. > > Rob > > > On 2-5-2012 9:54, Nicholas Doty wrote: > >>> * Separate data controllers in EU jurisdictions > >>> >> A DNT:0 signal sent to a third-party service in the EU > might usefully be interpreted as consent for independent use by > that thid-party (that the service would itself be a data > controller, not just a processor). EU regulations, however, may > require that this consent be specific to the party rather than > site-wide. (Suggested by Ninja, who may be able to add more detail.) > >> > > >> > Importance: Medium > >> > > >> > Design Notes: > >> > I agree that being able to provide consent via DNT is useful. > I cannot > >> > judge what extent explicit/explicit is needed or whether a > site-wide > >> > exception would also be considered consent. An important > question in > >> > this use case is what responsibilities (under EU law) are > implied from > >> > the corresponding "Trust myself and my third parties" statement. > > I also welcome input from Ninja, Rob and others on this issue. > > > > >
Received on Friday, 4 May 2012 06:53:09 UTC