- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 03 Jun 2013 12:20:38 +0200
- To: public-tracking@w3.org
- Cc: Walter van Holst <walter.van.holst@xs4all.nl>
Hi Walter, Roy, I think the issue goes further than pure content blocking or "consent to get content". In fact, the first party makes claims of DNT compliance. This touches on the freedom of the first party e.g. to follow third party rules (aka global considerations). The question is now, whether this is not what the romans called "venire contra factum proprium": On the one hand, I declare to be DNT compliant, on the other hand I require third party tracking for access. This has two possible situations: 1/ The requested third party has DNT capabilities, but requires an exception in order to function. This is transparent to the UA and the user and there is full information. Like Rob said: this is like a paywall and the market will decide on it. We can't order free content by standard IMHO. So no issue with the scenario 2/ The requested third party does not react on DNT. Here we have conflicting statements that are hard to understand. The first party claims DNT-compliance but requires a tracking third party that does not implement DNT. I find that problematic. Because if we don't find that problematic Roy, the Scope of DNT is back on the single GET request. I would find that nice, but it would have consequences for the protocol IMHO. (e.g. making headers much more important). Consequently, I would amend Walter's text by saying that: A first-party signaling compliance to this standard shall ensure that its content functionally or otherwise effectively dependent on elements provided by third-parties also are DNT compliant and offer DNT functionality unless the first-party signals a SAME-PARTY flag for such third-parties (and thus making them its own responsibility) --Rigo On Wednesday 22 May 2013 21:41:05 Walter van Holst wrote: > On 225//13 9:19 PM, JC Cannon wrote: > > Under DNT, third parties are not allowed to collect data for > > targeting purposes or share data with third parties so any > > third-party data used by the first party would have only been > > collected when DNT was disabled or absent. > > Dear J.C., > > My understanding of the spec (which may be flawed, so bear with me) is > that it allows for third-parties to ignore any DNT signal provided > that they do not claim to be DNT-compliant. While the current spec > allows a first-party to collect data while claiming DNT-compliance, > even when appending it with data collected in a third-party quality > (with which I disagree, but that is not the issue at hand). > > So to be slightly more specific about the scenario mentioned in > ISSUE-184: > > Imagine: > > - News site A claiming to be DNT-compliant, and actually does not > collect data at all itself, it also does not directly demand any > personal data whatsoever. But... > > - through some Javascript-Fu, it (possibly inadvertedly) makes its > content only available if the UA renders a third-party single-pixel > tracker. > > Or alternatively, it only makes it content available if the > third-party receives a DNT:unset or DNT:0 signal. > > So all parties involved can claim DNT-compliance, even the > third-party. It does not provide its content under a DNT:1 signal > (what the spec allows for). > > To me any DNT:0 signal such third-party receives is not freely given > consent. > > To cut a very long story short: if you make your content dependent on > third-party content that either is not DNT-compliant or requires a > DNT:0 or DNT:unset signal, you cannot in good faith claim to be > DNT-compliant unless you use the SAME-PARTY feature. Because from a > user-perspective you are acting as the same party. > > Regards, > > Walter
Received on Monday, 3 June 2013 10:21:07 UTC