Re: ISSUE-184

Hi Walter, Roy, 

I think the issue goes further than pure content blocking or "consent to 
get content". 

In fact, the first party makes claims of DNT compliance. This touches on 
the freedom of the first party e.g. to follow third party rules (aka 
global considerations). 

The question is now, whether this is not what the romans called "venire 
contra factum proprium": On the one hand, I declare to be DNT compliant, 
on the other hand I require third party tracking for access. 

This has two possible situations: 

1/ The requested third party has DNT capabilities, but requires an 
exception in order to function. This is transparent to the UA and the 
user and there is full information. Like Rob said: this is like a 
paywall and the market will decide on it. We can't order free content by 
standard IMHO. So no issue with the scenario

2/ The requested third party does not react on DNT. Here we have 
conflicting statements that are hard to understand. The first party 
claims DNT-compliance but requires a tracking third party that does not 
implement DNT. I find that problematic. Because if we don't find that 
problematic Roy, the Scope of DNT is back on the single GET request. I 
would find that nice, but it would have consequences for the protocol 
IMHO. (e.g. making headers much more important). 

Consequently, I would amend Walter's text by saying that: 

A first-party signaling compliance to this standard shall ensure that
its content functionally or otherwise effectively dependent on
elements provided by third-parties also are DNT compliant and offer DNT 
functionality unless the first-party signals a SAME-PARTY flag for such 
third-parties (and thus making them its own responsibility)

 --Rigo

On Wednesday 22 May 2013 21:41:05 Walter van Holst wrote:
> On 225//13 9:19 PM, JC Cannon wrote:
> > Under DNT, third parties are not allowed to collect data for
> > targeting purposes or share data with third parties so any
> > third-party data used by the first party would have only been
> > collected when DNT was disabled or absent.
> 
> Dear J.C.,
> 
> My understanding of the spec (which may be flawed, so bear with me) is
> that it allows for third-parties to ignore any DNT signal provided
> that they do not claim to be DNT-compliant. While the current spec
> allows a first-party to collect data while claiming DNT-compliance,
> even when appending it with data collected in a third-party quality
> (with which I disagree, but that is not the issue at hand).
> 
> So to be slightly more specific about the scenario mentioned in
> ISSUE-184:
> 
> Imagine:
> 
> - News site A claiming to be DNT-compliant, and actually does not
> collect data at all itself, it also does not directly demand any
> personal data whatsoever. But...
> 
> - through some Javascript-Fu, it (possibly inadvertedly) makes its
> content only available if the UA renders a third-party single-pixel
> tracker.
> 
> Or alternatively, it only makes it content available if the
> third-party receives a DNT:unset or DNT:0 signal.
> 
> So all parties involved can claim DNT-compliance, even the
> third-party. It does not provide its content under a DNT:1 signal
> (what the spec allows for).
> 
> To me any DNT:0 signal such third-party receives is not freely given
> consent.
> 
> To cut a very long story short: if you make your content dependent on
> third-party content that either is not DNT-compliant or requires a
> DNT:0 or DNT:unset signal, you cannot in good faith claim to be
> DNT-compliant unless you use the SAME-PARTY feature. Because from a
> user-perspective you are acting as the same party.
> 
> Regards,
> 
>  Walter

Received on Monday, 3 June 2013 10:21:07 UTC