Re: TPE Handling Out-of-Band Consent (including ISSUE-152) from Ronan Heffernan on 2013-03-18 (public-tracking@w3.org from March 2013)

From: Ronan Heffernan <ronansan@gmail.com>
Date: Mon, 18 Mar 2013 13:16:35 -0400
To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <CAHyiW9LfPQV8BzjM=agex=j4AodVZhNyU+iEP7XLsdwTp-V5WQ@mail.gmail.com>

Matthias,

We discussed real-time feedback of out-of-band consent, and that is not
going to work in many applications.  To move the determination of OOBC into
the real-time interaction with the User Agents would take a prohibitive
amount of time with large panels and widely-distributed server
infrastructure.  In some cases that relevant information has not even been
collected from panel members to make the determination until some hours
after the interaction.

--ronan



On Mon, Mar 18, 2013 at 10:49 AM, Matthias Schunter (Intel Corporation) <
mts-std@schunter.org> wrote:

>  Hi Team,
>
>
> my summary of our discussion at the face2face on "Out of Band Consent".
>
> Loosely speaking, out of band consent is
> - a state where a site believes that it has sufficient permissions that
> allow
>   it to track a user even if a user has sent a DNT;1 preference
> - this belief is caused by mechanisms that are not part of this spec
>   (e.g., obtaining a preference via the exception API is not considered
> out of band).
>
> The current TPE spec handles out of band consent as follows:
> - The spec does not say how a site may or may not obtain out of band
> consent
> - The spec requires that a site who wants to act on out of band consent
>   sends a signal "C" that is defined in the TPE spec as follows:
>   *"Consent*: The designated resource believes it has received prior
> consent for tracking this user, user agent, or
>    device, perhaps via some mechanism not defined by this specification,
> and that prior consent overrides the tracking preference expressed by this
> protocol."
> - The spec allows a site to publish an URL "control" via its well-known
> resource where a user is permitted to manage consent.
> - The user agents are free to use this information ("C" signal and URL) as
> they deem most appropriate for their user group.
>   We do not mandate specific UA behavior.
>
> My impression from our discussion in the room was that everyone is OK with
> this approach.
> I will re-confirm this using an "OK to close" email in order to move us
> towards closing ISSUE-152.
>
> Feel free to provide feedback or corrections in case I overlooked anything.
>
>
> Regards,
> matthias
>
>
>

Received on Monday, 18 March 2013 17:17:23 UTC