Re: ISSUE-45 ACTION-246: draft proposal regarding making a public compliance commitment

Shane, 

On Wednesday 05 September 2012 09:54:22 Shane Wiley wrote:
> Rob and Rigo - please feel free to chime in here.

you were calling for it!

IMHO, we do not need a "public commitment" if we require a response 
header, which is a personalized commitment. And the WKL is even a 
public commitment. Without such a response, the DNT-header is just 
wishful thinking conveyed to the world. By sending 
tracking-v    = "1" 
you IMHO semantically send a variable that contains a commitment to 
the requirements of the Compliance Spec. 

David mainly suggests that the Server returns a (P3P :) Policy on a 
DNT request. And Ed says, the UA may in this case decide what to do 
(block, transform cookies into session cookies etc). This makes DNT 
as complex as P3P is. I thought the goal was to make something easy, 
lean and predictable that people may or may not use. So I'm siding 
with Justin. The DNT-Protocol is not made for policy interaction as 
it starts with a user-preference and would need another round trip 
to complete: 

User -> DNT:1
Service: -> ackFU
User: -> GET ackFU
User: (ackFU | blockU | walkU)
(I wonder what the meaning of sending DNT:1 in this protocol is)

For the EU, IMHO the compliance document still plays a role as it 
will serve as an orientation for authorities on what the industry has 
considered to be reasonable. And this will influence decisions. As I 
said on the call, IMHO the DPAs are looking for usable data 
protection for the internet context. But it is also clear that if 
the level of protection is watered down to almost zero, they will 
not follow. 

Rigo

Received on Wednesday, 5 September 2012 18:49:24 UTC