Hi Ronan,
If you said that the collected data would be de-identified and also made
unlinkable i.e. the identifiers were transparently deleted immediately after
collection (or maybe after a short time to filter out multiple visits and
detect unique visitors), then that would work in my opinion (if you cannot
get explicit consent). But the unlinkability is important because that goes
to the essence of Do Not Track.
Mike
From: Ronan Heffernan [mailto:ronansan@gmail.com]
Sent: 23 March 2013 15:22
To: Mike O'Neill
Cc: Rob van Eijk; Roy T. Fielding; Justin Brookman; public-tracking@w3.org
Subject: Re: TPE Handling Out-of-Band Consent (including ISSUE-152)
We are not talking about connecting people's web history with long-duration
persistent identifiers, for any person who has not consented. We are
talking about boiling any non-consented data down to the usual, acceptable,
level of de-identification for all non-consented users within, say, 48-hours
(we could live with less; I don't know if every research company can).
--ronan
On Sat, Mar 23, 2013 at 11:09 AM, Mike O'Neill <michael.oneill@baycloud.com>
wrote:
Hi Ronan,
I meant that you do not need to use OOBC, the DNT:0 in-band consent would
work fine if you had JS tags or not. You just need to let your panel-members
easily give your domain(s) web wide tracking consent and you are done.
Connecting people's web history with long duration persistent identifiers is
tracking in my book, and this standard is about giving people the ability to
refuse it.
Mike