Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations] from Jonathan Mayer on 2012-05-15 (public-tracking@w3.org from May 2012)

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Tue, 15 May 2012 16:53:11 -0700
To: JC Cannon <jccannon@microsoft.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Kimon Zorbas <vp@iabeurope.eu>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <085914A0C0654A5293B8C2528CFEB45A@gmail.com>

We've occasionally discussed support for human-readable explanation in the exception API. A variety of (not mutually exclusive) options have been kicked around, including explanatory text, an explanatory iframe, and a link to an explanation. I'm in favor. If a website needs to recall which explanation it displayed, it can use a low-entropy cookie or equivalent.

Jonathan  


On Tuesday, May 15, 2012 at 4:07 PM, JC Cannon wrote:

>  
> [Roy] And we can't ask for "all purposes", for reasons already discussed.
>  
>  
>   
>  
>  
> Are we able request consent for “permitted uses” and provide a link to those uses?
>  
>  
>   
>  
>  
> Thanks,
>  
>  
> JC
>  
>  
>   
>  
>  
> From: Roy T. Fielding [mailto:fielding@gbiv.com]  
> Sent: Tuesday, May 15, 2012 3:35 PM
> To: Kimon Zorbas
> Cc: public-tracking@w3.org Group WG
> Subject: Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations]
>  
>  
>  
>  
>   
>  
>  
> On May 15, 2012, at 11:08 AM, Kimon Zorbas wrote:
>  
>  
>  
>  
>  
>  
>  
>  
> if I understand your email correctly, it seems that you infer that websites are responsible for 3rd parties activities (and hence publishers need to get consent?).
>  
>  
>  
>  
>   
>  
>  
>  
> No, that's not what I meant.  They might be responsible, depending
>  
>  
>  
> on the nature of the embedded links, but that is not what I was
>  
>  
>  
> talking about.
>  
>  
>  
>   
>  
>  
>  
> Data controllers need consent that covers a given purpose.
>  
>  
>  
> Having consent to identify the user agent for the purpose of analytics
>  
>  
>  
> does not imply that the data controller can reuse the data collected
>  
>  
>  
> for different purposes, such as adaptive content, retargeting, or OBA.
>  
>  
>  
> Having consent to perform tracking does not imply that the data
>  
>  
>  
> obtained from tracking can be used for some purpose (tracking is
>  
>  
>  
> not, in and of itself, a purpose -- it is just a mechanism used
>  
>  
>  
> to obtain the data).
>  
>  
>  
>   
>  
>  
>  
> Hence, DNT transmitting consent without also indicating the purposes
>  
>  
>  
> to which that consent applies is useless in any of the regions for
>  
>  
>  
> which prior informed consent is required.  And we can't ask for
>  
>  
>  
> "all purposes", for reasons already discussed.
>  
>  
>  
>   
>  
>  
>  
> I used the term publisher because I am very familiar with their
>  
>  
>  
> requirements. The same requirements apply to any data controller,
>  
>  
>  
> such as a third-party ad selector, but I am less familiar with
>  
>  
>  
> how they process consent (if at all) today.
>  
>  
>  
>   
>  
>  
>  
> ....Roy
>  
>  
>  
>   
>  
>  
>  
>  
>

Received on Tuesday, 15 May 2012 23:53:49 UTC