- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 26 Mar 2013 14:51:01 +0100
- To: Ronan Heffernan <ronansan@gmail.com>
- Cc: public-tracking@w3.org, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <justin@cdt.org>
Ronan, first thanks for the fruitful discussion. In fact you're collecting data regardless and do the filtering later. If personal data is currency, this is like handing the purse, the merchant takes out what he wants and gives the purse back. This is not unusual, but needs a lot of trust. In this situation, you collect data as if you would have consent for all and later revoke. Because otherwise you would have to signal either that you don't follow DNT or have a reaction on a switch from DNT:0 to DNT:1 and vice versa. You want neither. So I still think C is the right response with tons of false positives that you need to get rid of as soon as you can to avoid liability. With the "L" statement you want to escape that grey area. So far the situation. I think it is understood. Now solutions: There are many many options. I know that most industries want to continue as is. "L" is allowing for that. There are other options: - tone down the vacuum cleaner a bit until you know you have consent - store the consent value in the browser. The decentralized store will allow you to have instant knowledge (that your database system does not seem to allow, which I find surprising) - operate with C and take the risk (adding non-normative content to the combination of OOB and short term storage permitted uses. - improve your systems to react on DNT - work under the rules suggested by Kathy unless you're sure about your OOB - L could mean total purpose limitation until OOB check and transformation has occured. and some more.. So this dialog can't be a dichotomy of "either I say L or I will go out of business". At least that's what I hope for. As I can't look into your systems, you also need to help us understand and work towards a solution that respects the persons who do not want to be tracked at that very moment. --Rigo On Tuesday 26 March 2013 08:47:27 Ronan Heffernan wrote: > I think that it is fine to have a response that means, "We operate > with OOBC and will make that determination later." I do not think > that it should be allowed for an entity to send a blanket signal that > means, "We think that we have consent from you.", just because that > determination will be made later. That seems deceptive, and I think > that authorizing that kind of blanket response could undermine > confidence in the spec. Doesn't "C" mean, "I think I have consent > from you."? That is why I suggested something like "L" for "later".
Received on Tuesday, 26 March 2013 13:51:27 UTC