Re: working towards affirmative opt-in consent


For THIRD-party compliance with the ePrivacy directive, the 
EFF/Mozilla/Standford proposal looks very promising.

Also, the direction of the exception API proposal from 
Microsoft/Mozilla/Google during the Face-2-Face meeting in Amsterdam 
looks promosing to me too. I need some more time to look at it in detail 
if it meets criteria like integrity of the list, transparency to the 
user and control to the user. The revised api may tackle two problems: 
1. a move away from a pop-up dialog scenario, and 2. storage of 
in-browser user consent instead of a out-of-band consent scenario.

We have no disagreement when it comes to defining key definitions that 
fixate inter-dependent concepts. Because of the inter-dependency, these 
definitions need to be addressed in the compliance doc, not the global 
considerations note.


Roy T. Fielding schreef op 2012-10-12 09:49:
> On Oct 11, 2012, at 3:36 PM, Rob van Eijk wrote:
>> With all respect, the TPWG is working towards affirmative opt-in 
>> consent for third-party web tracking.
> It is?  How so?  Thus far, the working group has refused to
> define tracking, refused to define DNT, refused to define what
> DNT:0 implies for a recipient, refused to require an opt-in
> signal be implemented by browsers, refused any discussion of UI
> for informing consent, and you and Ninja have repeatedly stated
> that a global setting of DNT:0, even if deliberately set by a
> user because they just don't care about pseudonymous privacy
> concerns, would still not satisfy the EU requirements for
> specific and informed consent.
> Please, how on earth do you expect us to work on an affirmative
> opt-in consent mechanism for third-party tracking when you've
> made it unlikely that any browser-based consent mechanism will be
> implemented and impossible for a server to use the DNT mechanisms
> to inform the user, be specific about what is being consented,
> and be reasonably assured that all of the consent options will
> be presented to that user?
> What is the point of having an exception mechanism that might
> (if anyone implements it) send a DNT:0 signal to a third-party
> server if this group cannot agree that such a signal will
> indicate an explicit and informed consent for data collection
> for a specific set of purposes?
> Industry in Europe will obey the laws, but they will have to do
> so using cookies and out-of-band consent mechanisms because
> some privacy advocates in this working group are so consumed
> with self-righteousness that they cannot even allow a user
> to make their own choices.
> If you want DNT to be usable as an opt-in mechanism for EU,
> as I do, then you need to insist that the working group
> defines tracking, defines DNT:0, defines what it means
> when DNT:0 is received, and requires browsers to implement
> that consent mechanism if they implement DNT:1, at least to
> an extent necessary to satisfy those EU laws.
> I am sick and tired of EU regulators blaming industry for lack
> of progress on DNT when it has been the non-implementers in
> this group that have refused to define anything necessary for
> obtaining specific and informed consent.
> ....Roy

Received on Friday, 12 October 2012 17:10:03 UTC