Fwd: Re: Moving "C"onsent from Tracking Status to Permitted Use? from Matthias Schunter (Intel Corporation) on 2013-04-16 (public-tracking@w3.org from April 2013)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Tue, 16 Apr 2013 10:43:36 +0200
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <516D0F38.2030801@schunter.org>

Hi Team,

I started a discussion on out of band consent on the editors list (it 
evolved from a request for text).
I will cross-post/forward some messages to educate the whole team.

Matthias

-------- Original Message --------
Subject: 	Re: Moving "C"onsent from Tracking Status to Permitted Use?
Resent-Date: 	Mon, 15 Apr 2013 19:27:41 +0000
Resent-From: 	team-tracking-editors@w3.org
Date: 	Mon, 15 Apr 2013 21:27:14 +0200
From: 	Matthias Schunter <mts@schunter.org>
To: 	team-tracking-editors@w3.org, Ronan Heffernan <ronansan@gmail.com>

Hi David,

I agree that a immediate and definively correct response would be optimal.

The background on a non-zero delay is that enterprises often use
database synchronisation for such web-facing sites (e.g., nightly sync
of the web-facing mysql with the internal oracle DB). This has a
consequence, that the mysql data is not always accurate.

1.  If a user retrieves the "control" URI, he usually gets the right result
2. If he recently changed things, he needs to wait for 24h to ensure
that the correct result is displayed.

If we keep the text vague like "the control link allows a user to
invesigate out of band consent." then these technical implementation
details would not affect our standard.

Opinions?

Regards,
matthias

On 15/04/2013 08:42, David Singer wrote:
> On Apr 11, 2013, at 15:13 , Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
>
>> Hi Ronan,
>>
>>
>> thanks for the interesting discussion on out-of-band consent.
>>
>> Could you try to convert our discussions into proposed text changes and proposed additions for the TPE spec?
>>
>> Items we IMHO seem to converge on:
>> - Data can be retained for a while (say 24h) and cleansed based on the out of band consent collected
>> - Out of band consent is signaled with the "C" (data processed under out of band consent)
>> - If "C" is signaled to the user, then the user can retrieve whether out-of-band consent has been used within 36hours from the URL
> s/within 36hours/immediately/
>
> I can't see how 'come back in a day and a half' is any meaningful disclosure, or control.
>
> It's a hole the mis-behaved could (and would) drive a truck through.  How do I even identify the transaction 36 hours later?
>
> David Singer
> Multimedia and Software Standards, Apple Inc.
>
>

Received on Tuesday, 16 April 2013 08:44:00 UTC