- From: Kimon Zorbas <vp@iabeurope.eu>
- Date: Tue, 15 May 2012 18:08:43 +0000
- To: "Roy T. Fielding" <fielding@gbiv.com>, Rigo Wenning <rigo@w3.org>
- CC: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-ID: <5C8810C7-1947-4AC2-8808-1BAD5C21E46F@iabeurope.eu>
Roy, if I understand your email correctly, it seems that you infer that websites are responsible for 3rd parties activities (and hence publishers need to get consent?). Can you explain which countries you have in mind with such laws, as the Directive is not placing obligations on publishers but the entity placing the cookie. National law however might deviate. Kind regards, Kimon ----- Reply message ----- From: "Roy T. Fielding" <fielding@gbiv.com> To: "Rigo Wenning" <rigo@w3.org> Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org> Subject: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations] Date: Tue, May 15, 2012 7:59 pm On May 15, 2012, at 12:56 AM, Rigo Wenning wrote: > This is not true. If the origin server has received a DNT;0 header, we also > assume that the user has given his/her consent to be tracked. This goes way > beyond what would be the situation without header. Consent to be tracked means data about their activity can be collected. That does not say how it can be used. The EU regulations, individual state regulations, and proposed US policies all require that the consent be contextual/informed (the user knows why it is being requested and how the data will be used) and that any use or sharing outside of the established consent/context requires an additional consent. In other words, the DNT protocol as currently defined provides no utility whatsoever to publishers for meeting those regulations without a separate consent mechanism that details the purpose, and if we have a separate consent mechanism then we don't need DNT. Hence, this is now a critical issue. DNT needs to deal with data usage purposes or limit its scope to one purpose. A lot of people (including Rigo) assume that DNT is specific to advertising. That simply isn't the case. It is not true of our documents, it is not true of the regulations, and it is not true for the composition of our WG. If DNT was "Do Not Target Ads", then it would be true, and I wouldn't be here. I'll be perfectly happy to resolve this issue by the WG declaring that all of the non-OBA uses of tracking are outside the scope of DNT. Cheers, ....Roy
Received on Tuesday, 15 May 2012 18:09:26 UTC