RE: working towards affirmative opt-in consent

Hi Rob,

Agree , the emerging consensus is useful and could be extended in Europe to meet our requirements. Although, as long as we have differentiation in the TPC, there should be a minimal possibility of 3rd parties claiming a 1st party context accidentally or purposefully. DNT qualifiers can signal the user-agent understanding of whether a resource is being accessed 1st or 3rd party so there can be independent proof.


-----Original Message-----
From: Rob van Eijk [] 
Sent: 12 October 2012 18:10
Subject: Re: working towards affirmative opt-in consent


For THIRD-party compliance with the ePrivacy directive, the EFF/Mozilla/Standford proposal looks very promising.

Also, the direction of the exception API proposal from Microsoft/Mozilla/Google during the Face-2-Face meeting in Amsterdam looks promosing to me too. I need some more time to look at it in detail if it meets criteria like integrity of the list, transparency to the user and control to the user. The revised api may tackle two problems: 
1. a move away from a pop-up dialog scenario, and 2. storage of in-browser user consent instead of a out-of-band consent scenario.

We have no disagreement when it comes to defining key definitions that fixate inter-dependent concepts. Because of the inter-dependency, these definitions need to be addressed in the compliance doc, not the global considerations note.


Roy T. Fielding schreef op 2012-10-12 09:49:
> On Oct 11, 2012, at 3:36 PM, Rob van Eijk wrote:
>> With all respect, the TPWG is working towards affirmative opt-in 
>> consent for third-party web tracking.
> It is?  How so?  Thus far, the working group has refused to define 
> tracking, refused to define DNT, refused to define what
> DNT:0 implies for a recipient, refused to require an opt-in signal be 
> implemented by browsers, refused any discussion of UI for informing 
> consent, and you and Ninja have repeatedly stated that a global 
> setting of DNT:0, even if deliberately set by a user because they just 
> don't care about pseudonymous privacy concerns, would still not 
> satisfy the EU requirements for specific and informed consent.
> Please, how on earth do you expect us to work on an affirmative opt-in 
> consent mechanism for third-party tracking when you've made it 
> unlikely that any browser-based consent mechanism will be implemented 
> and impossible for a server to use the DNT mechanisms to inform the 
> user, be specific about what is being consented, and be reasonably 
> assured that all of the consent options will be presented to that 
> user?
> What is the point of having an exception mechanism that might (if 
> anyone implements it) send a DNT:0 signal to a third-party server if 
> this group cannot agree that such a signal will indicate an explicit 
> and informed consent for data collection for a specific set of 
> purposes?
> Industry in Europe will obey the laws, but they will have to do so 
> using cookies and out-of-band consent mechanisms because some privacy 
> advocates in this working group are so consumed with 
> self-righteousness that they cannot even allow a user to make their 
> own choices.
> If you want DNT to be usable as an opt-in mechanism for EU, as I do, 
> then you need to insist that the working group defines tracking, 
> defines DNT:0, defines what it means when DNT:0 is received, and 
> requires browsers to implement that consent mechanism if they 
> implement DNT:1, at least to an extent necessary to satisfy those EU 
> laws.
> I am sick and tired of EU regulators blaming industry for lack of 
> progress on DNT when it has been the non-implementers in this group 
> that have refused to define anything necessary for obtaining specific 
> and informed consent.
> ....Roy

Received on Friday, 12 October 2012 17:39:11 UTC