- From: Ronan Heffernan <ronansan@gmail.com>
- Date: Tue, 23 Apr 2013 10:13:15 -0400
- To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
- Cc: "rob@blaeu.com" <rob@blaeu.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <CAHyiW9LTs-s7UWP7rs-Qfd4rt7yJkemAx31=nbTZHk9OPu0Z4Q@mail.gmail.com>
Matthias, I agree that non-real-time determination of OOBC is a standalone issue that is not tied to those other issues. --ronan On Tuesday, April 23, 2013, Matthias Schunter (Intel Corporation) wrote: > Hi Rob, > > thanks for the clarification. > > Note that we currently intermingle three independent discussions: > (a) The pixel that cannot talk Javascript > [This has been resolved by saying: The pixel has to collaborate with > a page that has Javascript to get an in-band exception] > [For OOBC it does not need Javascript] > > (b) OOBC that cannot be retrieved reliably in real-time (e.g., due to > remote storage or database synchronisation) > > (c) the permitted use of "short-term retention" (e.g., you can store > everything for XX hours and after those XX hours, the compliance > constraints on collection must be satisfied). > > > While Nielsen indicates a desire to resolve all three issues, they are > nevertheless independent from each other. > I believe that we should focus on (b), which is the core of the OOBC > concern. > > In its core, it does not affect collection but only notice/transparancy: > The question is whether it is OK to tell a user > "I process your data based on the OOBC stored; visit [link] for details." > and [link] says > "According to our data, our databases currently indicates that we [do/do > not] have OOBC from you. > If you changed your preferences recently, please come back in 36h to > get an definitive answer". > > I do not see a problem with collection/use since data is never stored/used > without sufficient consent > > The privacy concerns I see are: > - The DNT response is not in real-time (an extra visit to [link] and some > waiting may be required) > > What is your opinion on (b)? > > Regards, > matthias > > > > On 23/04/2013 15:30, Rob van Eijk wrote: > > Hi Matthias, > > btw: Pixels can talk DNT (request and response headers are included). > They only cannot trigger the JS-based exception API. > > Got that, so let's call it partial DNT. Alex put this on the table in > Washington and much of it relates to his proposal from back then ( > http://lists.w3.org/Archives/**Public/public-tracking/**2012Apr/0076.html<http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0076.html> > ) > > Could you further clarify your concern? Would you like to > (a) Disallow out-of-band consent altogether? > > No, but if you are putting OOBC on the table and are not sure about it in > real-time, it it not proportinal to the privacy intrusion. > > (b) Disallow out-of-band consent that cannot be retrieved in real-time? > > Indeed. The rationale behind it is collection limitation as a meaningful > added value of a W3C DNT standard. > > (c) Disallow DNT for pixels? > > Indeed, if a server can not talk full DNT (incl JS-based exeptoin API) AND > is not able to know in real-time if OOBC trumps the tracking request, it > sould not be allowed IMHO. > > (d) somethine else? > > > > Matthias Schunter (Intel Corporation) schreef op 2013-04-23 11:15: > > Hi Rob, > > > thanks for the feedback! > > I believe that out of band consent goes beyond the pixel-problem and > audience measurement. > > Could you further clarify your concern? Would you like to > (a) Disallow out-of-band consent altogether? > (b) Disallow out-of-band consent that cannot be retrieved in real-time? > (c) Disallow DNT for pixels? > (d) somethine else? > > btw: Pixels can talk DNT (request and response headers are included). > They only cannot trigger the JS-based exception API. > > > Regards, > matthias > > > On 23/04/2013 10:07, Rob van Eijk wrote: > > > Counterproposal: Silence i.e. no text. > > OOBC for panel members and the problem of the pixels not being able to > talk DNT is an innovation problem for audience measurement industry. Making > the problem go away by not calling it a problem under DNT anymore is not > acceptable for me and probably more privacy advocates. > > Rob > > Roy T. Fielding schreef op 2013-04-23 08:03: > > Bah, resend with a fixed subject ... > > I think this is related to ISSUE-195, but really should have been > raised as a separate issue. > > There was a long discussion about a new tracking status for systems > that only track by consent but do not actually determine consent > during request time, originally requested by Alex and more recently > by Ronan. Unfortunately, the discussion kept going in the weeds, > at least partly because people mistook the request as an expansion > on the existing consent (C) response. > > So, I have written a proposal within the editors' draft as a new > option with a TSV of P for potential consent. > > ....Roy > > Begin forwarded message: > > Resent-From: public-tracking-commit@w3.org > From: "CVS User rfieldin" <cvsmail@w3.org> > Subject: CVS WWW/2011/tracking-protection/**drafts > Date: April 22, 2013 4:11:49 PM PDT > To: public-tracking-commit@w3.org > Archived-At: <http://www.w3.org/mid/**E1UUPtl-0006gx-Ok@gil.w3.org<http://www.w3.org/mid/E1UUPtl-0006gx-Ok@gil.w3.org> > > > > Update of /w3ccvs/WWW/2011/tracking-**protection/drafts > In directory gil:/tmp/cvs-serv25723/drafts > > Modified Files: > tracking-dnt.html > Log Message: > ISSUE-195: Add a TSV option for potential consent (P) to address Ronan's > use case > > --- /w3ccvs/WWW/2011/tracking-**protection/drafts/tracking-**dnt.html > 2013/04/22 21:28:40 1.201 > +++ /w3ccvs/WWW/2011/tracking-**protection/drafts/tra > >
Received on Tuesday, 23 April 2013 14:13:47 UTC