W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

RE: TPE Handling Out-of-Band Consent (including ISSUE-152)

From: Rob van Eijk <rob@blaeu.com>
Date: Sat, 23 Mar 2013 18:06:10 +0100
To: "Mike O'Neill" <michael.oneill@baycloud.com>, "'Ronan Heffernan'" <ronansan@gmail.com>
CC: public-tracking@w3.org, "'Roy T. Fielding'" <fielding@gbiv.com>, "'Justin Brookman'" <justin@cdt.org>
Message-ID: <da205596-3625-4297-b0de-d1f1c1be1efd@email.android.com>

Ronan,

WIll the secure delete requirement be a MUST in normative text in the compliance document?? ie how strong is your compare and forget proposal? Does it prevent processing under the exceptions that currently exist under DNT:1 text eg security?

Rob
 


Mike O'Neill <michael.oneill@baycloud.com> wrote:

>Hi Ronan,
>
> 
>
>If you said that the collected data would be de-identified and also
>made
>unlinkable i.e. the identifiers were transparently deleted immediately
>after
>collection (or maybe after a short time to filter out multiple visits
>and
>detect unique visitors), then that would work in my opinion (if you
>cannot
>get explicit consent). But the unlinkability is important because that
>goes
>to the essence of Do Not Track.
>
> 
>
>Mike
>
> 
>
>From: Ronan Heffernan [mailto:ronansan@gmail.com] 
>Sent: 23 March 2013 15:22
>To: Mike O'Neill
>Cc: Rob van Eijk; Roy T. Fielding; Justin Brookman;
>public-tracking@w3.org
>Subject: Re: TPE Handling Out-of-Band Consent (including ISSUE-152)
>
> 
>
>We are not talking about connecting people's web history with
>long-duration
>persistent identifiers, for any person who has not consented.  We are
>talking about boiling any non-consented data down to the usual,
>acceptable,
>level of de-identification for all non-consented users within, say,
>48-hours
>(we could live with less; I don't know if every research company can).
>
>--ronan
>
>
>
>On Sat, Mar 23, 2013 at 11:09 AM, Mike O'Neill
><michael.oneill@baycloud.com>
>wrote:
>
>Hi Ronan,
>
> 
>
>I meant that you do not need to use OOBC, the DNT:0 in-band consent
>would
>work fine if you had JS tags or not. You just need to let your
>panel-members
>easily give your domain(s) web wide tracking consent and you are done. 
>
> 
>
>Connecting people's web history with long duration persistent
>identifiers is
>tracking in my book, and this standard is about giving people the
>ability to
>refuse it.
>
> 
>
> 
>
>Mike
>
> 
>
> 
Received on Saturday, 23 March 2013 17:07:14 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC