- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Thu, 13 Sep 2012 17:03:56 +0100
- To: "'Kimon Zorbas'" <vp@iabeurope.eu>, <public-tracking@w3.org>
- Message-ID: <027501cd91c9$619a5250$24cef6f0$@baycloud.com>
My only point was that a change to the API could help to solve the "IE10 default DNT does not comply" dispute, which seems to me to be clogging up the works. It was triggered by Rigo's comment on issue-116 about DNT being/could be a consent indicator. I am not a lawyer and have no position on how the regulators would/should see this, but I think the TPWG and the European e-privacy legislation are addressing fundamentally the same issue, and here is an opportunity to kill two birds with same stone. Mike From: Kimon Zorbas [mailto:vp@iabeurope.eu] Sent: 13 September 2012 12:21 To: Mike O'Neill; public-tracking@w3.org Subject: Re: Intermediaries interfering with DNT decision making Hi Mike, we have had extensive discussions - and diverging opinions, whether an explicit consent is required. The only certain thing all agree is that requirements across the EU vary, as the EU law only rovides a framework to which countries have to respond (apologies for simplification). We would have legal issues, if the EU - or any Member State were to mandate this - or any standard. Kind regards, Kimon Kimon Zorbas Vice President IAB Europe IAB Europe - The Egg -Rue Barastraat 175 -1070 Brussels - Belgium Phone +32 (0)2 5265 568 Mob +32 494 34 91 68 Fax +32 2 526 55 60 vp@iabeurope.eu Twitter: @kimon_zorbas www.iabeurope.eu and www.interactcongress. eu IAB Europe supports the .eu domain name www.eurid.eu IAB Europe is supported by: Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Netherlands, Norway, Poland, Romania, Russia, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine and United Kingdom representing their 5.000 members. The IAB network represents over 90% of European digital revenues and is acting as voice for the industry at National and European level. IAB Europe is powered by: Adconion Media Group, Adconion Media Group, Adobe, ADTECH, Alcatel-Lucent, AOL Advertising Europe, AudienceScience, BBC Advertising, CNN, CoAdvertise, comScore Europe, CPX Interactive, Creafi Online Media, Criteo, Deutsche Post, eBay International Advertising, Evidon, Expedia Inc, Fox Interactive Media, Gemius, Goldbach Media Group, Google, GroupM, Hi-Media, Koan, Microsoft Europe, Millward Brown, News Corporation, nugg.ad, Nielsen Online, OMD, Orange Advertising Network, PHD, Prisa, Publicitas Europe, Quisma, Sanoma Digital, Selligent, TradeDoubler, Triton Digital, United Internet Media, ValueClick, Verisign, Viacom International Media Networks, Webtrekk, White & Case, Yahoo! and zanox. IAB Europe is associated with: Advance International Media, Banner, ePrivacyConsult, Emediate, NextPerformance, Right Media, Tribal Fusion and Turn Europe ----- Reply message ----- From: "Mike O'Neill" <michael.oneill@baycloud.com> To: "public-tracking@w3.org" <public-tracking@w3.org> Subject: Intermediaries interfering with DNT decision making Date: Thu, Sep 13, 2012 1:08 pm The exception API could be amended slightly to make the UA pop up a UI if DNT is unset. In jurisdictions needing explicit consent (like EU), publishers could be required by regulators to use that form of the API (i.e. if DNT is unset then ask the user how they want to handle it, e.g. leave it unset or specify 1 or 0). This would give EU regulators the ability to use DNT as a consent mechanism (which could even be page specific) which would be very helpful for publishers here, and may give Microsoft a way to defuse the argument. As part of their install the default homepage could implement the (amended) exception API. Mike -----Original Message----- From: Roy T. Fielding [mailto:fielding@gbiv.com] Sent: 13 September 2012 00:19 To: rob@blaeu.com Cc: public-tracking@w3.org Subject: Re: Intermediaries interfering with DNT decision making On Sep 12, 2012, at 2:03 PM, Rob van Eijk wrote: > From an EU perspective, the legal analysis of the express flow of IE-10 at install/update is not part of the scope of the DNT standard. If the express flow meets the criteria of consent in the EU, it will be a valid expression of user's consent, likewise if it does not meet the criteria of consent in the EU, it won't. The criteria for consent in the EU is pretty clear that a user never informed of the choice has never given consent. Would you disagree? It is also pretty clear, at least by the WP statements, that the consent has to be explicit. > It is not up to a server to do it's own legal assertion of the validity of a user's whishes. My conclusion is, that based on the DNT standard alone, it is impossible to claim that IE-10 is a non-comliant UA, stemming from a DNT setting that is on by default. Then why do we have any requirements in the specification? If it is WG opinion that a user agent can do whatever it likes and the server just has to accept it as fact, then we are done here. DNT is DOA. > The current text was indeed intended for user agents. No disagreement there. I propose to extend it to servers as well. In a dialogue there are two roles: senders and receivers. User agents and servers switch these roles frequently in a dialoque. I do not see a possibility for a meaningful DNT dialogue between user agent and server if the server that claims to be DNT compliant can drop a DNT signal at will. I agree with that. > An HTTP endpoint must also be held accountable to the DNT signal. I think it is important to not loose sight of an important function of DNT, which is that DNT is an important technical buildingblock for a meaningful DNT dialog between user agent and server. That dialogue starts with the expression of a user's personal preference and includes the respons on a server without discriminating user agents able to talk DNT. I agree with that also. It depends on the user's personal preference, and servers will not indicate compliance with a standard that allows user agents to lie about the user's preference. The goal here, naturally, is to find a way for servers to comply that doesn't require further legislation. > Bottom line is that in my opinion a server must respect the DNT signal, if it stems from a user agent capable of talking DNT. Asserting IE-10's legal validity of a valid expression of the user's whishes is irrelevant. A general purpose user agent that has not asked the user for their preference is not capable of talking DNT. HTTP semantics are important, and the only way to ensure that user agents respect them is if the server has the ability to say "no, you'll have to indicate preferences via some other means because your UA is broken". Otherwise, every UA will be broken in short order. ....Roy
Received on Thursday, 13 September 2012 16:04:37 UTC