Re: ACTION-172: Write up more detailed list of use cases for origin/origin exceptions

Rob, 

On Friday 04 May 2012 00:05:38 Rob van Eijk wrote:
> Explicit/explicit gives Controllers the opportunity to signal which 3rd
> parties are processors. Because the controller determines the purpose and
> means, controller is responsible for valid consent in the EU.

I think that explicit/explicit allows to determine the number of 
controllers. 

For processors You would use 
"same-party": [
    "example.com",
    "example_vids.net",
    "example_stats.com"
  ]
to indicate them. Because from a DNT point of view, a controller and her 
processors are one bucket-entity. Here DNT may serve as a consent mechanism 
also for the first party. (An optional beneficial use, an enabler in EU, not 
DNT for first parties in the US)
[...]
> 
> Use case [B]: a DNT:0 signal to service providers, not being processors,
> but as a result controllers themselves or in some cases joint controller.

This is the case I have in mind. To monetize the content, the site has P 1-4 
but at least wants to have P1 and P2 to receive DNT;0

> It could be useful, but I haven't given it a lot of thought. 

The question for me is: 
1/ Self determination means I can send DNT;0 to P1-3 and DNT;1 to P4. The 
normal shortcut would be "*" meaning P1-4
2/ "*" alone is not a list of controllers. The consent would be for an 
undefined object that changes dynamically over time. Is that missing 
determination of controllers at communication time a problem for the 
consent?

> My
> assumption for DNT:0 to be useful in this scenario is that the browser
> reflects user consent. This implies that the user has made an informed
> choice, preferably in the install/update flow of the browser to use DNT
> technology as a granular consent expression mechanism.

This is the goal if we want to make DNT in any way useful for the EU market.

Rigo

Received on Friday, 4 May 2012 15:54:21 UTC