- From: Matthias Schunter <mts-std@schunter.org>
- Date: Mon, 14 May 2012 15:14:57 +0200
- To: rob@blaeu.com
- CC: public-tracking@w3.org
- Message-ID: <4FB10551.20904@schunter.org>
Hi Folks, I tend to agree with Rob: If we can provide a standardised protocol that may be used to simplify collection of consent, then this would be useful for users (improved usability) and sites (standard approach). Regards, matthias On 04/05/2012 08:52, Rob van Eijk wrote: > Kimon, Ian, > > I agree the two do not need to be coupled so closely. But it is an > invitation to look it freshly. The topic at hand is to write up more > detailed list of use cases for origin/origin exceptions. Nick and > Jonathan did an excellent job to start this thread. > > Every technical aspect in the TPE that can ease the hurdle of 5.3 > compliance should be taken seriously in my view. > So I respectfully ask to not shift it to the out-of-scope bin too fast. > > Rob > > On 4-5-2012 0:37, Ian Fette (イアンフェッティ) wrote: >> I also think that a site is fully capable of describing its practices >> outside of the context of the request for exceptions. The two need >> not be coupled so closely. >> >> On Thu, May 3, 2012 at 3:27 PM, Kimon Zorbas <vp@iabeurope.eu >> <mailto:vp@iabeurope.eu>> wrote: >> >> Rob, >> >> Are we not mixing up legal and technical issues here? I am not >> sure I understand how consent can be handled the way you >> describe, given differing and inconsistent transpositions (and >> some missing) of the E-Privacy Directive. While I'd be excited >> having a technical solution to the the legal challenge, I'm not >> optimistic this can be resolved here. >> >> Kind regards, >> Kimon >> >> Kimon Zorbas Vice President IAB Europe >> >> IAB Europe - The Egg >> Rue Barastraat 175 >> 1070 Brussels - Belgium >> Phone +32 (0)2 5265 568 <tel:%2B32%20%280%292%205265%20568> >> Mob +32 494 34 91 68 <tel:%2B32%20494%2034%2091%2068> >> Fax +32 2 526 55 60 <tel:%2B32%202%20526%2055%2060> >> vp@iabeurope.eu <mailto:vp@iabeurope.eu> >> Twitter: @kimon_zorbas >> >> www.iabeurope.eu <http://www.iabeurope.eu> and >> www.interactcongress. eu >> >> IAB Europe supports the .eu domain name www.eurid.eu >> <http://www.eurid.eu> >> >> IAB Europe is supported by: >> >> Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, >> Finland, France, Germany, Greece, Hungary, Ireland, Italy, >> Netherlands, Norway, Poland, Romania, Russia, Serbia, Slovakia, >> Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine and United >> Kingdom representing their 5.000 members. The IAB network >> represents over 90% of European digital revenues and is acting as >> voice for the industry at National and European level. >> >> IAB Europe is powered by: >> >> Adconion Media Group, Adobe, ADTECH, Alcatel-Lucent, AOL >> Advertising Europe, AudienceScience, BBCAdvertising, CNN, >> comScore Europe, CPX Interactive, Criteo, eBay International >> Advertising, Expedia Inc, Fox Interactive Media, Gemius, Goldbach >> Media Group, Google, GroupM, Hi-Media, Koan, Microsoft Europe, >> Millward Brown, News Corporation, nugg.ad <http://nugg.ad>, >> Nielsen Online, OMD, Orange Advertising Network, PHD,Prisa, >> Publicitas Europe, Quisma, Sanoma Digital, Selligent, >> TradeDoubler, Triton Digital, United Internet Media, ValueClick, >> Verisign, Viacom International Media Networks, White & Case, >> Yahoo! and zanox. >> >> IAB Europe is associated with: Advance International Media, >> Banner, Emediate, NextPerformance, Right Media, Tribal Fusion and >> Turn Europe >> >> >> ----- Reply message ----- >> From: "Rob van Eijk" <rob@blaeu.com <mailto:rob@blaeu.com>> >> To: "public-tracking@w3.org <mailto:public-tracking@w3.org>" >> <public-tracking@w3.org <mailto:public-tracking@w3.org>> >> Subject: ACTION-172: Write up more detailed list of use cases for >> origin/origin exceptions >> Date: Fri, May 4, 2012 12:06 am >> >> >> >> Explicit/explicit gives Controllers the opportunity to signal >> which 3rd parties are processors. Because the controller >> determines the purpose and means, controller is responsible for >> valid consent in the EU. >> >> So my use case [A] would be: a DNT:0 signal sent to the limited >> and known list of processors, who are bound by a legal contract, >> i.e. the processor agreement. In my opinion, this is not the use >> case to use the '*' parameter, i.e. MUST NOT be used. In this >> case the list [Inc_A,Inc_B,...,Inc_Z] SHOULD/MUST be used. >> >> Use case [B]: a DNT:0 signal to service providers, not being >> processors, but as a result controllers themselves or in some >> cases joint controller. It could be useful, but I haven't given >> it a lot of thought. My assumption for DNT:0 to be useful in this >> scenario is that the browser reflects user consent. This implies >> that the user has made an informed choice, preferably in the >> install/update flow of the browser to use DNT technology as a >> granular consent expression mechanism. >> >> Rob >> >> >> On 2-5-2012 9:54, Nicholas Doty wrote: >> >>> * Separate data controllers in EU jurisdictions >> >>> >> A DNT:0 signal sent to a third-party service in the EU >> might usefully be interpreted as consent for independent use by >> that thid-party (that the service would itself be a data >> controller, not just a processor). EU regulations, however, may >> require that this consent be specific to the party rather than >> site-wide. (Suggested by Ninja, who may be able to add more detail.) >> >> > >> >> > Importance: Medium >> >> > >> >> > Design Notes: >> >> > I agree that being able to provide consent via DNT is >> useful. I cannot >> >> > judge what extent explicit/explicit is needed or whether a >> site-wide >> >> > exception would also be considered consent. An important >> question in >> >> > this use case is what responsibilities (under EU law) are >> implied from >> >> > the corresponding "Trust myself and my third parties" statement. >> > I also welcome input from Ninja, Rob and others on this issue. >> > >> >> >> >
Received on Monday, 14 May 2012 13:15:22 UTC