- From: Ronan Heffernan <ronansan@gmail.com>
- Date: Tue, 26 Mar 2013 16:32:07 -0400
- To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <CAHyiW9KmEGvyCYVz1B8+5QQDtR+F==MOuv+CxHw43dbDJt4dJA@mail.gmail.com>

Matthias,

Perhaps I did not understand, but Justin's suggestion that I was replying to contained this, "I still do not understand why you cannot operate in-band or otherwise configure the user agent to send DNT:0 signals using your client-side software." The suggestion to "configure the user agent to send DNT:0 signals by using your client-side software" is the part that I think sounds dangerous and should be disallowed by the DNT spec. I don't think that 3rd-party software should be allowed to turn off a user's DNT:1 signal; that is very non-transparent and opts the user into full data disclosure with no explanation or recourse. That also does not sound like following the normal in-band exception process that you described. If I misunderstood the suggestion, my apologies.

Also to clarify, no one ever suggested 53 weeks to make an OOBC determination. The longest time period that I suggested was 48 hours, though there might be other entities who would need more time, and I am not trying to use a W3C spec to shut out smaller companies or organizations with fewer resources. Any attempt to require massive engineering investment will disadvantage startups and other small players, giving power to entrenched interests.

BTW, I am also suggesting that OOBC cannot always be withdrawn in-band. If a user signs a contract and gets paid to be a panelist, they need to follow the legal steps to break their contract, including (possibly) returning the money that they were paid. I don't think that we should expect an in-band exception-withdrawing mechanism to be able to withdraw a consent that was granted out-of-band.

--ronan

On Tue, Mar 26, 2013 at 3:19 PM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:

> Hi Ronan,
>
> just to explain: This approach is our default for obtaining consent
> (called "exceptions" in TPE language).
>
> 1. A user visits a site with DNT;1 set
> 2. The site asks the user for a permission to personalise/track/...
> 3. If the user is OK with providing consent to this site, the site stores
>    an "exception" in the browser
> 4. The browser starts sending DNT;0 to this site; this indicates that the
>    site has consent
>
> The advantage is that the user has transparency (users may look into the
> exceptions in their browser)
> and can withdraw their consent (I hope you are not calling this 'abuse')
> by removing an exception.
> Furthermore, the DNT;0 signals will reliably reflect the user's preference.
>
> Does this clarify your question?
>
> Regards,
> matthias

Received on Tuesday, 26 March 2013 20:32:57 UTC