- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Tue, 15 May 2012 15:35:29 -0700
- To: Kimon Zorbas <vp@iabeurope.eu>
- Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-Id: <2BD90FA6-26AB-4560-BCD8-BB57890816F4@gbiv.com>
On May 15, 2012, at 11:08 AM, Kimon Zorbas wrote: > if I understand your email correctly, it seems that you infer that websites are responsible for 3rd parties activities (and hence publishers need to get consent?). No, that's not what I meant. They might be responsible, depending on the nature of the embedded links, but that is not what I was talking about. Data controllers need consent that covers a given purpose. Having consent to identify the user agent for the purpose of analytics does not imply that the data controller can reuse the data collected for different purposes, such as adaptive content, retargeting, or OBA. Having consent to perform tracking does not imply that the data obtained from tracking can be used for some purpose (tracking is not, in and of itself, a purpose -- it is just a mechanism used to obtain the data). Hence, DNT transmitting consent without also indicating the purposes to which that consent applies is useless in any of the regions for which prior informed consent is required. And we can't ask for "all purposes", for reasons already discussed. I used the term publisher because I am very familiar with their requirements. The same requirements apply to any data controller, such as a third-party ad selector, but I am less familiar with how they process consent (if at all) today. ....Roy
Received on Tuesday, 15 May 2012 22:35:58 UTC