- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Tue, 15 May 2012 16:53:11 -0700
- To: JC Cannon <jccannon@microsoft.com>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Kimon Zorbas <vp@iabeurope.eu>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-ID: <085914A0C0654A5293B8C2528CFEB45A@gmail.com>
We've occasionally discussed support for human-readable explanation in the exception API. A variety of (not mutually exclusive) options have been kicked around, including explanatory text, an explanatory iframe, and a link to an explanation. I'm in favor. If a website needs to recall which explanation it displayed, it can use a low-entropy cookie or equivalent. Jonathan On Tuesday, May 15, 2012 at 4:07 PM, JC Cannon wrote: > > [Roy] And we can't ask for "all purposes", for reasons already discussed. > > > > > > Are we able request consent for “permitted uses” and provide a link to those uses? > > > > > > Thanks, > > > JC > > > > > > From: Roy T. Fielding [mailto:fielding@gbiv.com] > Sent: Tuesday, May 15, 2012 3:35 PM > To: Kimon Zorbas > Cc: public-tracking@w3.org Group WG > Subject: Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations] > > > > > > > > On May 15, 2012, at 11:08 AM, Kimon Zorbas wrote: > > > > > > > > > if I understand your email correctly, it seems that you infer that websites are responsible for 3rd parties activities (and hence publishers need to get consent?). > > > > > > > > > No, that's not what I meant. They might be responsible, depending > > > > on the nature of the embedded links, but that is not what I was > > > > talking about. > > > > > > > > Data controllers need consent that covers a given purpose. > > > > Having consent to identify the user agent for the purpose of analytics > > > > does not imply that the data controller can reuse the data collected > > > > for different purposes, such as adaptive content, retargeting, or OBA. > > > > Having consent to perform tracking does not imply that the data > > > > obtained from tracking can be used for some purpose (tracking is > > > > not, in and of itself, a purpose -- it is just a mechanism used > > > > to obtain the data). > > > > > > > > Hence, DNT transmitting consent without also indicating the purposes > > > > to which that consent applies is useless in any of the regions for > > > > which prior informed consent is required. And we can't ask for > > > > "all purposes", for reasons already discussed. > > > > > > > > I used the term publisher because I am very familiar with their > > > > requirements. The same requirements apply to any data controller, > > > > such as a third-party ad selector, but I am less familiar with > > > > how they process consent (if at all) today. > > > > > > > > ....Roy > > > > > > > > >
Received on Tuesday, 15 May 2012 23:53:49 UTC