TPE Handling Out-of-Band Consent (including ISSUE-152)

Hi Team,

my summary of our discussion at the face2face on "Out of Band Consent".

Loosely speaking, out of band consent is
- a state where a site believes that it has sufficient permissions that 
   it to track a user even if a user has sent a DNT;1 preference
- this belief is caused by mechanisms that are not part of this spec
   (e.g., obtaining a preference via the exception API is not considered 
out of band).

The current TPE spec handles out of band consent as follows:
- The spec does not say how a site may or may not obtain out of band consent
- The spec requires that a site who wants to act on out of band consent
   sends a signal "C" that is defined in the TPE spec as follows:
*"Consent*: The designated resource believes it has received prior 
consent for tracking this user, user agent, or
    device, perhaps via some mechanism not defined by this 
specification, and that prior consent overrides the tracking preference 
expressed by this protocol."
- The spec allows a site to publish an URL "control" via its well-known 
resource where a user is permitted to manage consent.
- The user agents are free to use this information ("C" signal and URL) 
as they deem most appropriate for their user group.
   We do not mandate specific UA behavior.

My impression from our discussion in the room was that everyone is OK 
with this approach.
I will re-confirm this using an "OK to close" email in order to move us 
towards closing ISSUE-152.

Feel free to provide feedback or corrections in case I overlooked anything.


Received on Monday, 18 March 2013 14:49:30 UTC