Re: TPE Handling Out-of-Band Consent (including ISSUE-152)

From: Ronan Heffernan <ronansan@gmail.com>
Date: Tue, 19 Mar 2013 05:59:39 -0400
Message-ID: <CAHyiW9+N1m5CnbjCA9jvJ2i6B4C17YCVHL0SJSQnCVdsdPriKw@mail.gmail.com>
To: David Singer <singer@apple.com>
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>

David,

   That is pretty much what I was proposing, though we could certainly add
some protective language to make it clear that the data cannot be used
(except under other fraud and technical-operation permitted uses) until the
determination of OOBC is made.  Regarding "delete all the data we don't
have consent for", some servers might delete the data, others might just
de-identify it to the same extent that one would have to perform for other
non-consented data.

--ronan


On Mon, Mar 18, 2013 at 8:47 PM, David Singer <singer@apple.com> wrote:

> I share Justin's concerns, but I also understand where Ronan is coming
> from.  I am not sure I see what to do here, but let's try.  Let me see if I
> can summarize...
>
> What Matthias wrote: the site that thinks it has consent has to tell the
> user, and offer a URI where the user can review and possibly update that
> consent ('control').
>
> What Ronan wrote: we collect all the data ('short term raw data permitted
> use') and then delete all the data we don't have consent for.
>
> What Justin asks:  How does the user know where they stand (a pretty basic
> need)?
>
>
> I hate to suggest even more status/qualifiers, but do we need one for
> 'possible consent'?  That would flag to the user that they could check by
> visiting the 'control' link...
>
Received on Tuesday, 19 March 2013 10:00:32 UTC