- From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
- Date: Mon, 18 Mar 2013 15:49:06 +0100
- To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <51472962.1090109@schunter.org>
Hi Team,
my summary of our discussion at the face2face on "Out of Band Consent".
Loosely speaking, out of band consent is
- a state where a site believes that it has sufficient permissions that
allow
it to track a user even if a user has sent a DNT;1 preference
- this belief is caused by mechanisms that are not part of this spec
(e.g., obtaining a preference via the exception API is not considered
out of band).
The current TPE spec handles out of band consent as follows:
- The spec does not say how a site may or may not obtain out of band consent
- The spec requires that a site who wants to act on out of band consent
sends a signal "C" that is defined in the TPE spec as follows:
*"Consent*: The designated resource believes it has received prior
consent for tracking this user, user agent, or
device, perhaps via some mechanism not defined by this
specification, and that prior consent overrides the tracking preference
expressed by this protocol."
- The spec allows a site to publish an URL "control" via its well-known
resource where a user is permitted to manage consent.
- The user agents are free to use this information ("C" signal and URL)
as they deem most appropriate for their user group.
We do not mandate specific UA behavior.
My impression from our discussion in the room was that everyone is OK
with this approach.
I will re-confirm this using an "OK to close" email in order to move us
towards closing ISSUE-152.
Feel free to provide feedback or corrections in case I overlooked anything.
Regards,
matthias
Received on Monday, 18 March 2013 14:49:30 UTC