RE: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations] from JC Cannon on 2012-05-21 (public-tracking@w3.org from May 2012)

From: JC Cannon <jccannon@microsoft.com>
Date: Mon, 21 May 2012 15:23:32 +0000
To: David Singer <singer@apple.com>, Rigo Wenning <rigo@w3.org>
CC: "Roy T. Fielding" <fielding@gbiv.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <BB17D596C94A854E9EE4171D33BBCC81B1296B@TK5EX14MBXC125.redmond.corp.microsoft.co>

I would expect that DNT;0 would only be sent to domains that have an exception, not all the time. Of course that is dependent on browser implementation.

JC

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: Monday, May 21, 2012 7:20 AM
To: Rigo Wenning
Cc: Roy T. Fielding; public-tracking@w3.org Group WG
Subject: Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations]


On May 21, 2012, at 16:17 , Rigo Wenning wrote:

> David,
> 
> Roy is right in saying that we currently do not define what DNT;0 means. 
> From a US perspective, falling back to the legal default means 
> everything is permitted. Falling back in the EU would probably be as 
> restrictive as DNT;1 or even more so.
> 
> Consequently I think we should add a section to describe things that 
> _at least_ allowed if DNT;0 is sent. This way we do not have to define 
> tracking entirely, but we state that we expect _at least_ that certain 
> things must be permitted and are expected to occur.
> 
> This would also somewhat resolve the "informed consent" issue Roy was 
> raising.
> 
> Rigo

OK, got it.

There is still a formal difference between "no header sent, our spec. does not apply" and "dnt:0 sent, our spec. defines what that means"; however, it may not be a practical difference

> On Monday 21 May 2012 14:43:29 David Singer wrote:
>> C: I send DNT:0; I am explicitly stating that I grant you an 
>> exception and can track me.
>> 
>> At the moment, after an exception grant by the user, we switch from 
>> DNT:1 to DNT:0, and so I have no way of saying "I ask everyone else 
>> not to track me, but I am not asking you anything."  Instead, we say 
>> "I am asking you to comply with the behavior defined for DNT:0" 
>> (which might well be different from no header).
>> 
>> Whether this matters or not, I don't know, but we are a little 
>> confused, in that the converse of DNT:1 is the absence of a header, 
>> not DNT:0, in some cases.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 21 May 2012 15:24:49 UTC