tracking-ISSUE-167 (mikeo): Multiple site exceptions [Tracking Preference Expression (DNT)]

tracking-ISSUE-167 (mikeo): Multiple site exceptions [Tracking Preference Expression (DNT)]

Raised by: Mike O'Neill
On product: Tracking Preference Expression (DNT)

It is very common that a single legal entity controls very many websites, and wish to apply a single privacy policy and set of standards across all or many of them.

For instance some multi-brand international consumer products companies control hundreds of websites and they currently offer a single "cookies policy" across their EU member state facing ones in order to help comply with the Privacy & Electronic Communications directive.

The DNT exception API currently would require a new user-agent UI interaction for every site under the same policy. It would be very useful for these companies that they could request one exception for their "tracking policy" so that they need not bombard their site visitors with multiple requests.

The current API usefully leverages the same-origin security model to ensure requests can not be forged by malicious parties, but at the moment this results in a the exception being "locked" to a single domain name. The only alternative for these large multi-site organisations, other than repetatively polling their users, is to ask for a web-wide exception, which may not be appropriate for many users and so reduce consumer choice.

I have written a description of an API that could give user-agents the ability to associate legal entities with exceptions but still retain the domain-origin security model. It also addresses the use case of Issue-138. 

Received on Monday, 24 September 2012 10:33:56 UTC