W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

Re: TPE Handling Out-of-Band Consent (including ISSUE-152)

From: Ronan Heffernan <ronansan@gmail.com>
Date: Mon, 18 Mar 2013 13:16:35 -0400
Message-ID: <CAHyiW9LfPQV8BzjM=agex=j4AodVZhNyU+iEP7XLsdwTp-V5WQ@mail.gmail.com>
To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>

We discussed real-time feedback of out-of-band consent, and that is not
going to work in many applications.  To move the determination of OOBC into
the real-time interaction with the User Agents would take a prohibitive
amount of time with large panels and widely-distributed server
infrastructure.  In some cases that relevant information has not even been
collected from panel members to make the determination until some hours
after the interaction.


On Mon, Mar 18, 2013 at 10:49 AM, Matthias Schunter (Intel Corporation) <
mts-std@schunter.org> wrote:

>  Hi Team,
> my summary of our discussion at the face2face on "Out of Band Consent".
> Loosely speaking, out of band consent is
> - a state where a site believes that it has sufficient permissions that
> allow
>   it to track a user even if a user has sent a DNT;1 preference
> - this belief is caused by mechanisms that are not part of this spec
>   (e.g., obtaining a preference via the exception API is not considered
> out of band).
> The current TPE spec handles out of band consent as follows:
> - The spec does not say how a site may or may not obtain out of band
> consent
> - The spec requires that a site who wants to act on out of band consent
>   sends a signal "C" that is defined in the TPE spec as follows:
>   *"Consent*: The designated resource believes it has received prior
> consent for tracking this user, user agent, or
>    device, perhaps via some mechanism not defined by this specification,
> and that prior consent overrides the tracking preference expressed by this
> protocol."
> - The spec allows a site to publish an URL "control" via its well-known
> resource where a user is permitted to manage consent.
> - The user agents are free to use this information ("C" signal and URL) as
> they deem most appropriate for their user group.
>   We do not mandate specific UA behavior.
> My impression from our discussion in the room was that everyone is OK with
> this approach.
> I will re-confirm this using an "OK to close" email in order to move us
> towards closing ISSUE-152.
> Feel free to provide feedback or corrections in case I overlooked anything.
> Regards,
> matthias
Received on Monday, 18 March 2013 17:17:23 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC