Re: June Change Proposal, third party compliance from Nicholas Doty on 2013-06-24 (public-tracking@w3.org from June 2013)

From: Nicholas Doty <npdoty@w3.org>
Date: Mon, 24 Jun 2013 01:15:55 -0700
To: David Singer <singer@apple.com>
Cc: "public-tracking@w3.org Mailing List" <public-tracking@w3.org>
Message-Id: <9DA15F65-AE98-4EC6-9B10-D43BD7C242EF@w3.org>

Hi David,

I've create ISSUE-203 to the Compliance June product; a new issue for the topic of this change.

I've set up a wiki page for this proposal: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Tracking_Third_Party_Compliance 

As a question on the substance of the proposal, I'm not sure about your distinction between exceptions and consent. Doesn't the editors' draft "explicitly-granted exceptions, provided in accordance with the requirements of this standard" cover the case of out-of-band consent?

Thanks,
Nick

On Jun 20, 2013, at 3:25 PM, David Singer <singer@apple.com> wrote:

> Problem
> 
> "If a third party receives a DNT: 1 signal, then:
> 
> 	• the third party must not collect, retain, share, or use information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard and any explicitly-granted exceptions provided in accordance with the requirements of this standard;
> 	• the third party must not use information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard."
> 
> 
> 1) We imply but nowhere say, that what third parties must do under DNT:1 is to reduce 'tracking', as defined.
> 2) We don't allow out-of-band-consent.
> 3) Exceptions don't need to be mentioned, as they cause DNT:0 to be sent, not DNT:1.
> 
> Proposal
> 
> Insert 'tracking' twice and remove exceptions:
> 
> If a third party receives a DNT: 1 signal, then, unless it has consent from the user:
> 
> 	• the third party must not collect, retain, share, or use tracking information related to the network interaction as part of which it received the DNT: 1 signal outside of the permitted uses as defined within this standard;
> 	• the third party must not use tracking information about previous network interactions in which it was a third party, outside of the permitted uses as defined within this standard.
> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
>

Received on Monday, 24 June 2013 08:16:09 UTC