RE: Change proposal Issue-201

Hi Rob,

 

+1 to that, though in the OOBC case “A user agent SHOULD change the DNT expression to DNT:0 for that network transaction” It would be easy to do it, if it can execute JS so why not. It helps transparency.

 

I think we could also add non-normative text in the TPE for an example of using an HTTP cookie for OOBC. This way we could recommend (it is non-normative)  the name and value encoding which also helps transparency, and if we use a W3C well-known name UAs could use it to revoke consent automatically in the same UI used for UGEs.

 

I will have a stab at text for this during the week, something like  (in a response header – it could of course also be done in JS) Set-Cookie: W3CTP=C=1 ( i.e. the cookie is named W3CTP and has a subkey C with value 1). If C=0 or the cookie is absent this indicates consent has been revoked or has not been given.

 

Mike

 

 

From: Rob van Eijk [mailto:rob@blaeu.com] 
Sent: 24 June 2013 21:45
To: public-tracking@w3.org Group WG
Subject: Change proposal Issue-201

 


Dear group,

hereby my text proposal for issue-201. It is also open for discussion.

Nick could you please add it to the change list for the June Draft?

Thanks,
Rob 

Text proposal: 
<text> 
In general, OOBC trumps UGE. 

OOBC: 
When a party relies on OOBC, it MUST use the tracking status value "C" and a well as a provide a well known resource/control link to easily revoke consent. A user agent MAY change the DNT expression to DNT:0 for that network interaction. 

UGE: 
When a party relies on UGE, and a user grants a UGE, the user agent MUST change the DNT expression to DNT:0 for that network interaction. The user agent MUST provide easy access to the list of UGEs as well as provide a means to easily revoke an individual UGE or all UGEs. 
</text> 

Received on Monday, 24 June 2013 21:58:58 UTC