Re: TPE Handling Out-of-Band Consent (including ISSUE-152)

You are right, we only have 3 cases that seem to be acceptable.
The fourth case is deemed inappropriate since it does not enable the 
user to find out whether his expressed desire "DNT;1" was actually 
followed or not.


On 19/03/2013 13:42, Ronan Heffernan wrote:
> Matthias,
>    You said that we now have 4 cases, but you seem to have only 
> delineated 3 cases.  I think there is the fourth case: The site uses 
> out-of-band consent but the user cannot see or manage that consent via 
> a control link, and the site promises to respect it. Was that the 
> fourth case that you envisioned?
> --ronan
> On Tue, Mar 19, 2013 at 7:38 AM, Matthias Schunter (Intel Corporation) 
> < <>> wrote:
>     Hi!
>     for consent, we now have 4 cases:
>     1. The site has in-band consent (=DNT;0 either as a preference or
>     an exception)
>     2. The site is reasonably certain that it has out of band consent
>     3. The site uses out of band consent and a user can see (and maybe
>     manage) this out of band consent via "control" link
>         and the site promises to respect it
>     I believe this translates into two qualifiers:
>      C = I obtained consent (either in-band or out-of-band)
>      c  = I will handle your data according to the out of band consent
>     that you can retrieve via "control"
>            (in this case, the control link is mandatory).
>     If browsers care, they can differentiate the cases (1) and (2) by
>     means of the fact whether they have sent a DNT;0 or not.
>     Does this sound like an appropriate resolution?
>     Regards,
>      matthias

Received on Tuesday, 19 March 2013 13:40:33 UTC