W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations]

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 15 May 2012 15:35:29 -0700
Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-Id: <2BD90FA6-26AB-4560-BCD8-BB57890816F4@gbiv.com>
To: Kimon Zorbas <vp@iabeurope.eu>
On May 15, 2012, at 11:08 AM, Kimon Zorbas wrote:

> if I understand your email correctly, it seems that you infer that websites are responsible for 3rd parties activities (and hence publishers need to get consent?).

No, that's not what I meant.  They might be responsible, depending
on the nature of the embedded links, but that is not what I was
talking about.

Data controllers need consent that covers a given purpose.
Having consent to identify the user agent for the purpose of analytics
does not imply that the data controller can reuse the data collected
for different purposes, such as adaptive content, retargeting, or OBA.
Having consent to perform tracking does not imply that the data
obtained from tracking can be used for some purpose (tracking is
not, in and of itself, a purpose -- it is just a mechanism used
to obtain the data).

Hence, DNT transmitting consent without also indicating the purposes
to which that consent applies is useless in any of the regions for
which prior informed consent is required.  And we can't ask for
"all purposes", for reasons already discussed.

I used the term publisher because I am very familiar with their
requirements. The same requirements apply to any data controller,
such as a third-party ad selector, but I am less familiar with
how they process consent (if at all) today.


Received on Tuesday, 15 May 2012 22:35:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:42 UTC