Re: TPE Handling Out-of-Band Consent (including ISSUE-152) from Justin Brookman on 2013-03-22 (public-tracking@w3.org from March 2013)

From: Justin Brookman <justin@cdt.org>
Date: Fri, 22 Mar 2013 15:29:20 -0400
To: public-tracking@w3.org
Message-ID: <514CB110.10900@cdt.org>

The 48 hours doesn't really matter if a consumer doesn't have visibility 
into the answer.  And anyway, in either case, you are seeking to hold 
and use the data for up to 53 weeks pursuant to the proposed market 
research exception.

I still do not understand why you cannot operate in-band or otherwise 
configure the user agent to send DNT:0 signals using your client-side 
software.  I'm sure there are engineering costs and challenges to all 
parties represented in the working group, but I had not heard before 
that responding to DNT:1 and DNT:0 signals would be technologically 
unfeasible (which would seemingly be more so for third parties without 
client-side software).

I also don't see how a conditional "C" signal helps.  Without 
definitive, machine-readable signals, it's hard to see how this system 
is accountable.  There is currently no general auditing requirement in 
the standard, and I would be reluctant to put one in as an unnecessary 
burden and expense.

Justin Brookman
Director, Consumer Privacy
Center for Democracy & Technology
tel 202.407.8812
justin@cdt.org
http://www.cdt.org
@JustinBrookman
@CenDemTech

On 3/22/2013 3:06 PM, Ronan Heffernan wrote:
> I sent a correction earlier, but I think our emails crossed.  In case 
> you did not notice, I am talking about a very short time, perhaps on 
> the order of 48 hours, not 53 weeks, to allow the system to determine 
> whether an OOBC exists.  Another difference is that the OOBC-not-found 
> condition might trigger a normal, DNT-compatible de-identification of 
> the data from non-OOBC users, rather than a discard of all of that 
> data.  That is a minor difference from a DNT perspective, but I want 
> to be clear.
>
> --ronan
>
>
> On Fri, Mar 22, 2013 at 1:53 PM, David Singer <singer@apple.com 
> <mailto:singer@apple.com>> wrote:
>
>
>     On Mar 22, 2013, at 10:45 , John Simpson
>     <john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>> wrote:
>
>     > If David's characterization  of what Ronan is seeking is
>     correct, I'd suggest the practice would be incompatible with DNT:1
>
>     I kinda hope I am wrong…
>
>

Received on Friday, 22 March 2013 19:29:49 UTC