- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 05 Sep 2012 20:48:58 +0200
- To: public-tracking@w3.org
- Cc: Shane Wiley <wileys@yahoo-inc.com>, Justin Brookman <justin@cdt.org>
Shane,

On Wednesday 05 September 2012 09:54:22 Shane Wiley wrote:
> Rob and Rigo - please feel to chime in here.

You were calling for it!

IMHO, we do not need a "public commitment" if we require a response header, which is a personalized commitment. And the WKL is even a public commitment. Without such a response, the DNT-header is just wishful thinking conveyed to the world. By sending tracking-v = "1" you IMHO semantically send a variable that contains a commitment to the requirements of the Compliance Spec.

David mainly suggests that the Server returns a (P3P :) Policy on a DNT request. And Ed says, the UA may in this case decide what to do (block, transform cookies into session cookies etc). This makes DNT as complex as P3P is. I thought the goal was to make something easy, lean and predictable that people may or may not use. So I'm siding with Justin. The DNT-Protocol is not made for policy interaction as it starts with a user-preference and would need another round trip to complete:

    User -> DNT:1
    Service: -> ackFU
    User: -> GET ackFU
    User: (ackFU | blockU | walkU)

(I wonder what the meaning of sending DNT:1 in this protocol is)

For the EU, IMHO the compliance document still plays a role as it will serve as an orientation for authorities what the industry has considered to be reasonable. And this will influence decisions. As I said on the call, IMHO the DPAs are looking for usable data protection for the internet context. But it is also clear that if the level of protection is watered down to almost zero, they will not follow.

Rigo
Received on Wednesday, 5 September 2012 18:49:24 UTC