Re: ISSUE-184

On 225//13 9:19 PM, JC Cannon wrote:
> Under DNT, third parties are not allowed to collect data for
> targeting purposes or share data with third parties so any
> third-party data used by the first party would have only been
> collected when DNT was disabled or absent.

Dear J.C.,

My understanding of the spec (which may be flawed, so bear with me) is
that it allows for third-parties to ignore any DNT signal provided that
they do not claim to be DNT-compliant. While the current spec allows a
first-party to collect data while claiming DNT-compliance, even when
appending it with data collected in a third-party quality (with which I
disagree, but that is not the issue at hand).

So to be slightly more specific about the scenario mentioned in ISSUE-184:


- News site A claiming to be DNT-compliant, and actually does not
collect data at all itself, it also does not directly demand any
personal data whatsoever. But...

- through some Javascript-Fu, it (possibly inadvertedly) makes its
content only available if the UA renders a third-party single-pixel

Or alternatively, it only makes it content available if the third-party
receives a DNT:unset or DNT:0 signal.

So all parties involved can claim DNT-compliance, even the third-party.
It does not provide its content under a DNT:1 signal (what the spec
allows for).

To me any DNT:0 signal such third-party receives is not freely given

To cut a very long story short: if you make your content dependent on
third-party content that either is not DNT-compliant or requires a DNT:0
or DNT:unset signal, you cannot in good faith claim to be DNT-compliant
unless you use the SAME-PARTY feature. Because from a user-perspective
you are acting as the same party.



Received on Wednesday, 22 May 2013 19:41:34 UTC