- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 26 Sep 2012 11:53:41 +0200
- To: public-tracking@w3.org
- Cc: Mike O'Neill <michael.oneill@baycloud.com>, 'Nicholas Doty' <npdoty@w3.org>
Mike, I see what you want to accomplish. But can't you do that by normally requesting an exception for one entity and declaring all the others in "same-party". Can you verify whether the wording in the TPE- specification would fit your use case? In this case, the first site the user hits would ask for an exception and all the others are in the "same-party" field anyway. So if the browser hits bar.org it gets an exception. If the browser now hits foo.org it reads "same- party" in the WKL and finds that foo.org and bar.org are the same- party, thus the exception applies. I recognize that there are security issues here as someone can just claim to be the same-party as a well known site. Nick, I think Mike is trying to accomplish a cookie-consent for one entity over many sites. And in the EU context, the first party - third party distinction doesn't really play that same role. So the goal here is to disturb the user only once for a large array of sites belonging to the same legal entity, regardless of whether those are first or third parties. But I may be wrong. Rigo On Tuesday 25 September 2012 15:00:23 Mike O'Neill wrote: > For instance if I go to multi-brand.yummycatford.co.uk I could see > their tracking policy is from Multibrand Inc. I agree to their > cookies using a UI meeting the EU PECR requirement and > simultaneously agree to an exception for a set of embedded 3rd > party content on that site. Multibrand Inc. record my agreement > to their cookies (I have also agreed to their cookies/storage so > that’s fine) and also a record of the domain-origin > (multi-brand.yummycatford.co.uk) together with the > trackingExceptionID returned with the exception grant callback.
Received on Wednesday, 26 September 2012 09:52:02 UTC