Re: DNT:1 and "data append"


I completely agree with your analysis and believe language I suggested makes that clear.  I understand others are working on data append text and hope my text could be merged with that.  Again, here is my proposed text:


When DNT:1 is received:
-- A 1st Party MUST NOT share share identifiable data with another party unless the data was provided voluntarily by the user and is necessary to complete a business transaction with the user.
-- A 1st Party MUST NOT combine identifiable data from another party with data it has collected while a 1st Party.


On Mar 27, 2013, at 7:20 AM, Alan Chapell <> wrote:

> Yes, the DNT HTTP header is an expression about an online transaction.
> When DNT is enacted, an online transaction can't be tailored by a profile.
> Whether that profile was derived from 1) a URL string across multiple
> website visits or 2) an offline database should not matter. A User seeking
> not to be tracked while online is unlikely to be able to make such
> distinctions - and neither should we.
> On 3/27/13 1:26 AM, "Nicholas Doty" <> wrote:
>> On Mar 25, 2013, at 12:34 PM, Alan Chapell
>> <> wrote:
>>> Thanks David. Perhaps this will help clarify where some of the confusion
>>> lay. In any event, I look forward to discussing further on Wednesday.
>>> On 3/21/13 3:16 PM, "David Singer" <> wrote:
>>>> I remain somewhat puzzled by this discussion.  Let's see if I can
>>>> explain
>>>> my puzzlement, and maybe the answers will help shed light.
>>>> DNT is an expression about privacy in an online transaction (between a
>>>> user and their user-agent, and a server, over HTTP or similar
>>>> protocols).
>>> I recognize that this is the position of some in the group.
>> Is there disagreement on this part of David's summary? The DNT HTTP
>> header is quite directly an expression about a particular online
>> transaction. The group agreed very early on to make the expression apply
>> to that particular request (which an HTTP header is well-suited for) and
>> not to imply, for example, retroactive deletion.
>>> It's worth
>>> noting that this is not how DNT is described in the charter. The charter
>>> describes DNT as a "preference expression mechanism ("Do Not Track") and
>>> technologies for selectively allowing or blocking tracking elements."
>>> I note that we have chosen not to define tracking or "tracking elements"
>>> in this working group, which may be a reason for some of the confusion.
>> To provide some context, the text in the charter "selectively allowing or
>> blocking tracking elements" referred to formats for determining white and
>> black listing for blocking purposes; we did some early work on the
>> Tracking Selection Lists specification, working from a submission from
>> Microsoft. The group has subsequently decided to stop work on those
>> deliverables, with the preference for not working on formats that would
>> enable blocking.
>> While "Do Not Track" in the press or in the terms of some companies has
>> been used to refer to almost any privacy or blocking measure, we have
>> used it here (and the charter follows this convention) to refer to the
>> preference expression mechanism -- where you express the preference "Do
>> Not Track" -- and not to blocking mechanisms, even though lists for
>> selectively blocking HTTP requests were also in scope of the Tracking
>> Protection Working Group.
>> Hope this provides some clarity,
>> Nick

Received on Wednesday, 27 March 2013 19:28:29 UTC