Re: June Draft of the DNT compliance spec

Let me add that the intersection of the TPE and compliance specs does arise here, and within W3C we are in the process of trying to sort through what will go where.



Prof. Peter P. Swire
C. William O'Neill Professor of Law
Ohio State University

Beginning August 2013:
Nancy J. and Lawrence P. Huang Professor
Law and Ethics Program
Scheller College of Business
Georgia Institute of Technology

From: "Matthias Schunter (Intel Corporation)" <<>>
Date: Thursday, June 13, 2013 4:34 PM
To: "<>" <<>>
Subject: Re: June Draft of the DNT compliance spec
Resent-From: <<>>
Resent-Date: Thursday, June 13, 2013 4:34 PM

Hi Team,

while we should not revisit this issue, I believe that it is useful to fine-tune our joint understanding of the words "unless a specific tracking preference is implied by the decision to use that agent."

While I do not expect changes to the normative text (unless we discover serious problems), the discussion may enable us to further clarify by adding non-normative text and examples. Even if we do not add text, we will end up with a better joint understanding...

That said, we may also spend some effort on the issues that are formally open at this point. ;-)


On 13/06/2013 20:08, John Simpson wrote:
Indeed, there has long been this language in Section 3 of the TPE, Determining User Preference:

"A user agent MUST have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the decision to use that agent. For example, use of a general-purpose browser would not imply a tracking preference when invoked normally as SuperFred, but might imply a preference if invoked as SuperDoNotTrack or UltraPrivacyFred. Likewise, a user agent extension or add-on MUST NOT alter the tracking preference unless the act of installing and enabling that extension or add-on is an explicit choice by the user for that tracking preference.

Looks to me like it's open season on any text that many of us understood to represent consensus...

On Jun 13, 2013, at 7:00 AM, Justin Brookman <<>> wrote:

I was just giving the historical context.  The idea that a privacy-specific user agent could send DNT:1 without more disclosure had been agreed to for several months, and then was later revisited.  Similar to the security language that had been worked out nearly a year ago . . .

Please say that no one has an action item to redefine "party." :)

On Jun 13, 2013, at 9:53 AM, Chris Mejia <<>> wrote:

Hi Justin,

I don't believe we are in full agreement on this.  Please see the text that Alan and I submitted yesterday, on requirements for agents sending/altering a user's preference expression.



Chris Mejia
Digital Supply Chain Solutions
Ad Technology Group
Interactive Advertising Bureau - IAB

On Jun 10, 2013, at 11:37 AM, "Justin Brookman" <<>> wrote:

Previously, I thought we had agreement that selection of a special privacy-protective product or setting could imply consent to send DNT:1  This agreement is currently reflected in the TPE in Section 3:  For example, I believe that Safari turns on DNT:1 whenever someone engages "Private Browsing" mode, despite no specific language about Do Not Track:

However, that language/agreement may have been subsumed by more recent discussions.

On Jun 10, 2013, at 11:15 AM, "Craig Spiezle" <<>> wrote:

I apologize for possibly bringing up a closed issue, but do you see a distinction between a browser or a privacy / security enhancing product?   I agree with what is proposed by a browser, but see there might be other scenarios where the consumer is making an implied decision when acquiring a third party security / privacy add-on?.

Conceptually let’s call the product Privacy and Data Protector which by default out of the box offers “maximized protection of your data collection and privacy”.   Could one argue that one who purchases such a product in effect is making an implied decision to use such functionality.  Better yet Ad-Block Plus?

From: Shane Wiley [<>]
Sent: Monday, June 10, 2013 7:17 AM
To: Alan Chapell; Peter Swire;<>
Subject: RE: June Draft of the DNT compliance spec

Friendly amendment suggestion:

“…unless they have otherwise obtained consent from the user to do so.”

- Shane

From: Alan Chapell []
Sent: Monday, June 10, 2013 6:31 AM
To: Peter Swire;<>
Subject: Re: June Draft of the DNT compliance spec

Thanks Peter. I'm still generally uncomfortable that DNT doesn't place requirements on First Parties.

One item of particular concern that seems to have fallen off the radar is the scenario where a party collects data in a first party context and attempts to use it in a third party context when DNT is enabled. I thought there was agreement on this issue. However, I keep raising it, and it doesn't seem to make it into the drafts. Perhaps its implied in the language "… customize the content, services, and advertising in the context of the first party experience." However, it is not clear enough, IMHO.

To address, I offer the following language to Section 4 (First Party Compliance). The new language is below.

First Parties must not use data collected while a First Party when acting as a Third-Party when DNT = 1.

Nick – if I need to open up another issue on this, please let me know. Thanks!

From: Peter Swire <<>>
Date: Monday, June 10, 2013 7:47 AM
To: "<>" <<>>
Subject: June Draft of the DNT compliance spec
Resent-From: <<>>
Resent-Date: Mon, 10 Jun 2013 11:47:58 +0000

To the Working Group:

        Attached please find a June Draft of the compliance spec.  The spec is also available at:

This draft builds directly on the Consensus Action Summary from the Sunnyvale F2F.  Working closely with W3C staff, and based on numerous discussions with members of the WG, this June Draft is my best current estimate of a document that can be the basis for a consensus document in time for Last Call.

        The June Draft includes a number of grammatical and stylistic edits to various provisions of the previous working drafts.  These sorts of edits were done in hopes of adding clarity and good writing to the provisions.  In the spirit of humility, W3C staff and I recognize that members of the WG may spot substantive objections to these stylistic edits – let us work within a constructive spirit of the working group process to examine and, where appropriate, make changes to these edits.

        The Draft also addresses the four task areas included in the Consensus Action Summary.  In proposing language in the June Draft, my intent and belief was to make good substantive judgments about an overall package that may achieve consensus, as well as item-by-item judgments about what is substantively most defensible within the context of the WG.  Clearly, the group will need to work through each piece of the text, members can suggest alternatives, and we will need to determine where and whether consensus exists.

        The June Draft contains normative text but not non-normative text.  In part, this reflects my view that we have the best chance to work constructively on a relatively short amount of normative text.  Proposed non-normative text can be proposed for provisions in time for Last Call.  As a potentially useful alternative, W3C has various mechanisms for publishing notes or other documents that illuminate a standard.  The best time for detailed discussion of most non-normative text quite possibly will be after Last Call.

        The June Draft discusses only items that the W3C WG can address.  Clearly, the actions of others on these issues may be relevant to the overall outcome.  For instance, the DAA has discussed changes to its code, including on its market research and product development exceptions.   There has been discussion of a potentially useful limit on any blocking of 3d party cookies for sites that comply withDNT.  There may also be new and useful technical measures that would be important to the future of advertising in a privacy-protective manner.  The text here, as indicated, addresses what would be within the compliance spec itself.

        W3C staff and I are working on further explanatory materials that will seek to clarify the changes here, and link the June Draft to the issues on the WG site.

        The regular call this Wednesday will be an opportunity for the Group to have an initialdiscussion of the June Draft.  To give everyone a chance to review this material, we will not be seeking to close compliance issues during this Wednesday’s calls.

        Thank you,


Prof. Peter P. Swire
C. William O'Neill Professor of Law
           Ohio State University

Beginning August 2013:
Nancy J. and Lawrence P. Huang Professor
Law and Ethics Program
Scheller College of Business
Georgia Institute of Technology

Received on Thursday, 13 June 2013 21:04:09 UTC