Re: tracking-ISSUE-148: What does DNT:0 mean? [Tracking Definitions and Compliance] from Rigo Wenning on 2012-05-31 (public-tracking@w3.org from May 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 01 Jun 2012 01:44:51 +0200
To: public-tracking@w3.org, Kimon Zorbas <vp@iabeurope.eu>
Cc: David Singer <singer@apple.com>, "Roy T. Fielding" <fielding@gbiv.com>
Message-ID: <2522564.Akm3ej9PRZ@hegel.sophia.w3.org>

David, Roy, 

there is a very good reason why we need to define what DNT;0 means IMHO. And 
this reason lies mainly with the functionality that DNT offers for the EU 
market and other regulated markets like Japan or Australia. 

Matthias raised this issue already as ISSUE-147. He mainly said that 
currently (and without a definition) DNT;0 just means you are liberated from 
the constraints of the compliance specification. 

What does that mean? 

In the US market, this means that everybody can do everything with the data 
received unless there is a specific context (HIPAA, Banking etc)

In the EU market it would mean that it falls back to the law that prohibits 
storing information on the user device unless there is some user consent. So 
mainly, DNT would not do any good in the EU system. 

So defining DNT;0 will actually give the industry _more_ permissions. And it 
should only be an "at least" definition. So if in a restrictive regulatory 
environment, "at least" the necessary functions of the eco-system work if 
the user agrees to it by sending DNT;0

This is why this is extremely important to make DNT a save haven for 
industry once you receive a DNT;0 It also transforms DNT from a pure stick 
also into a carrot. 

Best, 

Rigo

On Wednesday 30 May 2012 17:12:19 David Singer wrote:
> On May 30, 2012, at 17:03 , Roy T. Fielding wrote:
> > On May 30, 2012, at 4:54 PM, David Singer wrote:
> >> I think it means something like "I am aware of DNT but I am choosing
> >> not to send you a DNT (DNT:1) request", whereas absence of a DNT
> >> header might mean I am unaware of DNT or choose not to send any DNT
> >> header at all.> 
> > Such a message would have no value, for anyone.  Presumably, we have
> > a user granted exceptions mechanism in order to do something useful
> > once the exception is granted.  If we can't say what that bit of
> > usefulness is, then we don't need an exception mechanism and the
> > spec gets a whole lot simpler.
> 
> It means something, if only by contrast that it's not DNT:1.  Other people
> may be getting DNT:1;  you're not. From a behavioral point of view, you
> can behave as if you got not DNT header at all, except I would like to
> find confirmation that you saw my DNT:0 (so I can tell if you claim to
> have seen a DNT:0 when I don't think I sent it).
> 
> What I am saying is that I think trying to read more into what you are
> permitted to do, than if no DNT was sent, is a tar-pit.
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.

Received on Thursday, 31 May 2012 23:45:21 UTC