- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Tue, 18 Jun 2013 13:08:33 +0100
- To: "'Rigo Wenning'" <rigo@w3.org>, <public-tracking@w3.org>
- Cc: "'Matthias Schunter (Intel Corporation)'" <mts-std@schunter.org>, "'Rob van Eijk'" <rob@blaeu.com>

Hi Rigo,

I agree many of the "implied consent" banners we see in the UK are irritating and annoying, because they do not offer the ability to give or revoke consent for [tracking identifier] storage as required by the ePrivacy directive. They usually just allow you to click a button to make them go away, so offering a diminished web experience without any choice over privacy.

I also agree that using cookies as an opt-out signal is suboptimal. A user deleting their cookies as a privacy protection tactic will paradoxically revoke all their carefully arranged opt-outs. Also, if they have set their Firefox browser to block third-party cookies but accept those from visited sites (which was going to be the default in Firefox 22), then just accepting an opt-out cookie will allow third-party cookies from the same site, the opposite to the user's intention.

But using OOBC alongside DNT does not necessarily mean either of these, and is in any case unavoidable. The DNT UGE mechanism we have now will have to be augmented using other mechanisms, for example to support sunset revocation, cross-domain consent and consent signalled through login authentication.

You are right that the user must always be able to revoke any consent they have given within their browser, but this can still be supported by a properly implemented DNT augmentation mechanism.

We could help with transparency by adding some non-normative text describing how it could be done, with recommendations on names and value encoding (if it is based on HTTP cookies, which it does not have to be).

Mike

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org]
Sent: 18 June 2013 09:19
To: public-tracking@w3.org
Cc: Matthias Schunter (Intel Corporation); Rob van Eijk
Subject: Re: Batch closing of TPE related issues

On Monday 10 June 2013 14:39:48 Matthias Schunter wrote:
> Do I understand you correctly that
> - you are concerned if UGEs are translated into out of band
> exceptions?

Matthias,

have you ever tried to revoke your consent or to opt out of one of those ridiculous UK ICO cookie banners?

I think that a UGE MUST NOT be translated into OOBC, a user MUST be able to revoke UGE by deleting the exception in the store. The whole point of DNT is a centralized opt-out in the browser. This means Shane's local duplication is meaningless. It may only serve as a memory for some historical state, but MUST NOT overwrite the status of the UGE store in the browser. Otherwise the exercise is futile because Johnny can't opt out anymore.

--Rigo

Received on Tuesday, 18 June 2013 12:09:15 UTC