RE: TPE Handling Out-of-Band Consent (including ISSUE-152) from Mike O'Neill on 2013-03-23 (public-tracking@w3.org from March 2013)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Sat, 23 Mar 2013 15:09:15 -0000
To: "'Ronan Heffernan'" <ronansan@gmail.com>
Cc: "'Rob van Eijk'" <rob@blaeu.com>, "'Roy T. Fielding'" <fielding@gbiv.com>, "'Justin Brookman'" <justin@cdt.org>, <public-tracking@w3.org>
Message-ID: <03b701ce27d8$64c69c40$2e53d4c0$@baycloud.com>

Hi Ronan,

 

I meant that you do not need to use OOBC, the DNT:0 in-band consent would
work fine if you had JS tags or not. You just need to let your panel-members
easily give your domain(s) web wide tracking consent and you are done. 

 

Connecting people's web history with long duration persistent identifiers is
tracking in my book, and this standard is about giving people the ability to
refuse it.

 

 

Mike

 

From: Ronan Heffernan [mailto:ronansan@gmail.com] 
Sent: 23 March 2013 14:46
To: Mike O'Neill
Cc: Rob van Eijk; Roy T. Fielding; Justin Brookman; public-tracking@w3.org
Subject: Re: TPE Handling Out-of-Band Consent (including ISSUE-152)

 

We also use JavaScript tags, not just pixel tags, though which one we use is
up to the publisher, not up to us.  Using JavaScript tags does not help us
with real-time OOBC determination; the limitations are server-side, and if
we could do real-time JS-tag lookup, we could do real-time pixel-tag lookup;
neither lookup is possible.  

Any kind of interaction with the user will most likely not be allowed to
occur, since few publishers will want their user experience turned to crap
by having the user interact with either User Agent pop-ups or custom pages
from third parties.  Even if all of that were not an issue, using the
in-band exception mechanism would skew research horribly, and the balanced
and tuned panels constructed by our Measurement Science department would be
replaced by biased and un-measurable crowds.  None of those mechanisms or
outcomes are acceptable.

I don't understand why you think that non-real-time determination of OOBC
undermines the standard, as long as only permitted uses are followed.  How
is there "tracking" if users for whom there is no consent have their data
de-identified to the same level that is required for DNT:1 users, before any
use?

--ronan



On Sat, Mar 23, 2013 at 7:02 AM, Mike O'Neill <michael.oneill@baycloud.com>
wrote:

It would be very easy to set up a page (that includes JS) with a document
origin the same as the 1x1 gif hostname., then execute the API to get
consent. A panel member just needs to visit the page and click a "I agree I
am a member of the panel" button. If they must run with JS disabled they
just need to set the DNT general pref. to 0.

 

We do not need to change the TPE for this and we are undermining the core
reason for the standard if we allow an exemption for it.

 

Mike

Received on Saturday, 23 March 2013 15:09:55 UTC