Re: Issue-187 from David Singer on 2013-03-18 (public-tracking@w3.org from March 2013)

From: David Singer <singer@apple.com>
Date: Mon, 18 Mar 2013 09:17:57 -0700
To: Mike O'Neill <michael.oneill@baycloud.com>
Cc: public-tracking@w3.org
Message-id: <32639590-1231-49D9-8083-F41C4364CAA9@apple.com>

On Mar 16, 2013, at 4:44 , Mike O'Neill <michael.oneill@baycloud.com> wrote:

> The other use-case I previously pointed out was the ability for a first-party site in the EU to signal its embedded third-parties, in the case that the general preference is unset, that consent was required,  for example because the first-party site or the user was in an EU jurisdiction, but had not been obtained. This would require the site-specific API to register DNT:1 so that the third-parties could take the correct course of action even if the DNT general preference was unset.
>  
> Ah, this is for the case where the user has no preference set, but the site is aware that its third parties need to get a DNT:1 because the site is EU and it needs its third parties (who might serve sites from many jurisdictions and might not be in the EU) to get an explicit DNT:1?
>  
> Yes, that was the use-case I mentioned in Boston, and I hope to talk about on a future TPE call. If EU sites do not have this capability they may be forced to remove third-party content where they do not have an explicit agreement, or re-engineer their sites to conditionally edit out some third-party content when users have not given consent to them.
> 
> 
>  
> The site specific API should have the ability, for the document origin and a list of embedded third-parties (targets), to set the following :
> ·        Set DNT to 0
> ·        Set DNT to 1
> ·        Set DNT to the General Preference i.e. 0, 1, or unset
>  
> This could be done, for example, by supplying another DOMString member to the StoreSiteSpecificExceptionPropertyBag dictionary, specifying either “set-dnt-0”, “set-dnt-1” or “revoke”.
> 


Hi Mike

I think that we should make this a separate API;  the consent requirements are on setting a DNT:0 header; the consent requirements for setting a DNT:1 header are different, and indeed we'd have to think about how this would interact with a user preference of DNT:0.  At the moment we don't need a precedence rule, but if the APIs can ask for DNT:1 and then the user sets DNT:0 later, we'd have to work out what takes precedence when.

In summary: I see what you're asking for, and I wonder if we can leave this to a separate API and a future version?


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 18 March 2013 16:18:31 UTC