- From: David Singer <singer@apple.com>
- Date: Mon, 21 May 2012 14:43:29 +0200
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
On May 15, 2012, at 19:58, Roy T. Fielding wrote:

> On May 15, 2012, at 12:56 AM, Rigo Wenning wrote:
>
>> This is not true. If the origin server has received a DNT;0 header, we also
>> assume that the user has given his/her consent to be tracked. This goes way
>> beyond what would be the situation without header.
>
> Consent to be tracked means data about their activity can be
> collected. That does not say how it can be used. The EU regulations,
> individual state regulations, and proposed US policies all require
> that the consent be contextual/informed (the user knows why it is
> being requested and how the data will be used) and that any use or
> sharing outside of the established consent/context requires an
> additional consent.
>

I think I am with Rigo here. There are three possible states:

A: I send DNT:1; I am explicitly asking not to be tracked;

B: I do not send a DNT header at all; whatever regulations, practices etc. that apply in the absence of DNT, apply here; probably, some tracking can occur;

C: I send DNT:0; I am explicitly stating that I grant you an exception and you can track me.

At the moment, after an exception grant by the user, we switch from DNT:1 to DNT:0, and so I have no way of saying "I ask everyone else not to track me, but I am not asking you anything." Instead, we say "I am asking you to comply with the behavior defined for DNT:0" (which might well be different from no header).

Whether this matters or not, I don't know, but we are a little confused, in that the converse of DNT:1 is the absence of a header, not DNT:0, in some cases.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 21 May 2012 12:44:22 UTC