Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations] from Matthias Schunter on 2012-05-22 (public-tracking@w3.org from May 2012)

From: Matthias Schunter <mts-std@schunter.org>
Date: Tue, 22 May 2012 16:29:23 +0200
To: JC Cannon <jccannon@microsoft.com>
CC: David Singer <singer@apple.com>, Rigo Wenning <rigo@w3.org>, "Roy T. Fielding" <fielding@gbiv.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <4FBBA2C3.4090004@schunter.org>

+1 The fact that DNT;0 is only sent after asking the user is important
to enable us to piggyback consent onto it.



On 21/05/2012 17:23, JC Cannon wrote:
> I would expect that DNT;0 would only be sent to domains that have an exception, not all the time. Of course that is dependent on browser implementation.
>
> JC
>
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com] 
> Sent: Monday, May 21, 2012 7:20 AM
> To: Rigo Wenning
> Cc: Roy T. Fielding; public-tracking@w3.org Group WG
> Subject: Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations]
>
>
> On May 21, 2012, at 16:17 , Rigo Wenning wrote:
>
>> David,
>>
>> Roy is right in saying that we currently do not define what DNT;0 means. 
>> From a US perspective, falling back to the legal default means 
>> everything is permitted. Falling back in the EU would probably be as 
>> restrictive as DNT;1 or even more so.
>>
>> Consequently I think we should add a section to describe things that 
>> _at least_ allowed if DNT;0 is sent. This way we do not have to define 
>> tracking entirely, but we state that we expect _at least_ that certain 
>> things must be permitted and are expected to occur.
>>
>> This would also somewhat resolve the "informed consent" issue Roy was 
>> raising.
>>
>> Rigo
> OK, got it.
>
> There is still a formal difference between "no header sent, our spec. does not apply" and "dnt:0 sent, our spec. defines what that means"; however, it may not be a practical difference
>
>> On Monday 21 May 2012 14:43:29 David Singer wrote:
>>> C: I send DNT:0; I am explicitly stating that I grant you an 
>>> exception and can track me.
>>>
>>> At the moment, after an exception grant by the user, we switch from 
>>> DNT:1 to DNT:0, and so I have no way of saying "I ask everyone else 
>>> not to track me, but I am not asking you anything."  Instead, we say 
>>> "I am asking you to comply with the behavior defined for DNT:0" 
>>> (which might well be different from no header).
>>>
>>> Whether this matters or not, I don't know, but we are a little 
>>> confused, in that the converse of DNT:1 is the absence of a header, 
>>> not DNT:0, in some cases.
> David Singer
> Multimedia and Software Standards, Apple Inc.
>
>
>
>
>

Received on Tuesday, 22 May 2012 14:30:13 UTC