- From: Rob van Eijk <rob@blaeu.com>
- Date: Thu, 25 Oct 2012 10:23:42 +0200
- To: <public-tracking@w3.org>
I am pleased to see that we are finaly getting into global considerations territory. Rob Kimon Zorbas schreef op 2012-10-25 09:29: > Fully support Rigo: if a user objects to the data processing, the > service provider has a right to not provide the service. That is > broad > consensus of policymakers, industry and regulatory authorities (DPAs > & > telecom and other). > > Kind regards, > Kimon > > ----- Reply message ----- > From: "Rigo Wenning" <rigo@w3.org> > To: "public-tracking@w3.org" <public-tracking@w3.org>, > "rob@blaeu.com" <rob@blaeu.com> > Subject: tracking-ISSUE-184 (Walter van Holst): 3rd party > dependencies in 1st party content [Tracking Definitions and > Compliance] > Date: Thu, Oct 25, 2012 8:58 am > > Walter, Rob, > > in our setup, a first party doesn't need consent with the current > specifications. And the second party is not DNT enabled in your > scenario. So you have already a logic break in there. > > There is a law in Germany that a service can't refuse service merely > because the data subject refuses data collection. This hasn't been > applied in a case I know of. And for good reasons. If the user > refuses necessary data collection, how would I obtain the service? > > I think we would be ill-guided if we would accept that a service > can't refuse service. Forced licenses and services exist for patents > and monopolies. We are not there. And if we were there, we would > have to define precisely what that minimum service is. I don't think > we can do that from here. > > The only point that Walter has is the following: If the first party > responds "3" (as in the EU context) and has other third parties not > compliant with DNT and the site is not working without them, one > could argue for text that says, the entire site is not DNT > compliant. But that has dangers from redirects and other surprises. > I would rather say that we add non-normative text that the browser > should assume that the site is not usable with DNT. It finally says > that the site, by establishing the denial, it links its service to > another non-DNT service such that the DNT can't be assumed. > > Another break is then, that Walter assumes DNT and says: "The user > is forced to give consent". But there is no DNT to consent to other > than the first party as -by definition- the third party is not DNT > enabled. > > Concluding, I can say that for the EU, the situation is rather > simple. Requests are DNT-enabled or not. If those enabled are > hardwired with a service that aren't, the entire request must fail > or made under the assumption of DNT unset. > > Rigo > > On Wednesday 24 October 2012 19:49:46 Rob van Eijk wrote: > > > This raises an interesting situation if we have DNT. For example > > > we have a 1st party that is trusted by the user and also claims > > > to comply > > > to DNT and a 3rd party that is neither. Since the 1st party > > > content is > > > technically dependent on 3rd party content, the user has the > > > choice between either granting consent to the 3rd party in > > > order to have the 1st party function properly or not getting > > > the content at all. > > > > > > To what extent is such consent informed, genuine and meaningful? > > > > I would like to add the question the element of free (i.e. freely > > given): to what extent is such consent freely given. > > > > (Recital 17 (2002/58/EC): Consent may be given by any appropriate > > method enabling a freely given, specific and informed indication > > of the user’s whishes.)
Received on Thursday, 25 October 2012 08:24:15 UTC