Re: TPE Handling Out-of-Band Consent (including ISSUE-152)

Hi Ronan,

just to explain: This approach is our default for obtaining consent 
(called "exceptions" in TPE language).

1. A user visits a site with DNT;1 set
2. The site asks the user for a permission to personalise/track/...
3. If the user is OK with providing consent to this site, the site 
stores an "exception" in the browser
4. The browser starts sending DNT;0 to this site; this indicates that 
the site has consent

The advantage is that the user has transparency (users may look into the 
exceptions in their browser)
and can withdraw their consent (I hope you are not calling this 'abuse') 
by removing an exception.
Furthermore, the DNT;0 signals will reliably reflect the users preference.

Does this clarify your question?


On 22/03/2013 20:42, Ronan Heffernan wrote:
> If I understand the part of your proposal about the client-side 
> software overriding the user's DNT:1 with a DNT:0, I find that to be a 
> troubling and dangerous suggestion, far more open to abuse and less 
> transparent to users than non-real-time OOBC determination.

Received on Tuesday, 26 March 2013 19:19:42 UTC