Re: Moving "C"onsent from Tracking Status to Permitted Use? from David Singer on 2013-04-03 (public-tracking@w3.org from April 2013)

From: David Singer <singer@apple.com>
Date: Wed, 03 Apr 2013 14:52:32 -0700
To: Matthias Schunter <mts-std@schunter.org> (Intel Corporation)
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <E013FFD5-1AAF-4561-88DE-9172663AA2A6@apple.com>

I have previously preferred distinguishing "who I am" from "how I am operating", and I feel that have C and ! as 'status' indicators rather than qualifiers means that I can no longer tell whether I am interacting with someone who thinks of themselves as a 1st or 3rd party.  So I agree, rather than C or ! as the first character, I think that

1C -- first party with consent
3C -- third party with consent
1!  -- first party under construction
3!  -- third party under construction

seem to make more sense, and be more informative.  As it is, if I get "!" in today's spec I am not able to tell whether the site is trying to construct a 3rd or 1st party experience; similarly for "C".

On Mar 28, 2013, at 4:47 , Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:

> Hi Team,
> 
> 
> I discussed our approach to consent (in-band and out of band) with Rigo.
> 
> We observed that the fact that you have consent is orthogonal to the overall tracking status.
> As a consequence, we believe that "C"onsent should be signaled as a qualifier (similar to a permitted use).
> 
> If we introduce this change, the scenario/flow for in-band exceptions would not change:
>   1. - The site has an exception and has therefore received DNT;0 from the browser
>   2. - The site responds with "1" or  "3" to indicate that they comply with DNT
> 
> However, the flow for out-of-band exception would get clearer:
> 
> OLD:
>   1. - The site receives DNT;1
>   2. - The site (somehow) reliably determines _in real time_ that it has out of band consent
>   3. - The site responds with "C" thus indicating that it has out of band consent
>         and provides a control link.
> 
> NEW:
>   1. - The site receives DNT;1
>   2. - The site (somehow) reliably determines _in real time_ that it has out of band consent
>   3. - The site responds with "3C" thus indicating that
>            - It acts as a 3rd party
>            - It will use the data in ways that are beyond the usages permitted by DNT;1 since
>              it has obtained out of band consent. A  control link is still required.
> 
> I think that modeling out of band consent as a permitted us is cleaner than the current approach
> that models it as a special tracking status.
> 
> Note: This discussion is orthogonal to the discussion what to do if the site cannot determine the consent in real time.
> 
> 
> Opinions/Feedback?
> 
> 
> Regards,
> matthias
> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 3 April 2013 21:53:06 UTC