- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 24 Oct 2012 18:54:54 +0200
- To: "Amy Colando (LCA)" <acolando@microsoft.com>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>
Amy, I think the hole is created by trying to make a transition into a general rule. If you need to track and you're not a first party, you either need to action the API and get consent or you need a permitted use. If you have neither, you can't deliver the service or you can't implement DNT. Having a general opening for agreements is just displacing the consensus from this group into any arbitrary contract negotiation between two businesses that will then determine what DNT means to the user. But the users in our case assume that it means what is written in the compliance specification without the opening. This will lead to huge surprises IMHO. So we should add some transition on the one hand into an annex of the compliance document. I think nobody ever disputed: 1/ that law trumps DNT 2/ that data collection necessary for the service delivery can occur Point 2/ is even written down in the ePrivacy Directive. And we shouldn't be stricter. But your statement goes beyond. So my suggestion would be to change the specification text to: Where data collection is required by law directly and not via contractual obligations, this law will prevail over the rules of this specification. We could write explanatory prose on how to handle cases. Rigo On Wednesday 24 October 2012 16:23:40 Amy Colando wrote: > Hi Rigo and Rob, the intent behind this language is certainly not > to override DNT in a very broad way. We tried to address the > concern regarding contracts in the non-normative text by > differentiating between existing and new contractual obligations, > which is a concept we have discussed in a few face-to-face > meetings. Alternative text submissions or modifications would be > helpful to move forward.
Received on Wednesday, 24 October 2012 16:55:26 UTC