W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

RE: Reminder: Deadline for raising issues is October 02 (this Wednesday) issue-205, issue-189

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Tue, 1 Oct 2013 18:54:06 +0100
To: "'Rigo Wenning'" <rigo@w3.org>, <public-tracking@w3.org>
Cc: "'Matthias Schunter \(Intel Corporation\)'" <mts-std@schunter.org>
Message-ID: <1ddf01cebecf$39645ef0$ac2d1cd0$@baycloud.com>
Matthias, Justin

I would also like to have issue-189 (originally raised against global
considerations) raised against TCS, in the paragraph about User Granted

Text - a new paragraph under the User Granted Exceptions heading

A user can specify that certain requests for resources, for example those to
a particular set of host domains, contain a different DNT signal than that
indicated by the general preference. For example if the DNT general
preference is unset or set to DNT:1, certain requests can indicate DNT:0. It
is also possible that if the general preference is unset or set to DNT:0,
certain requests can indicate DNT:1. 


DNT will have a better chance to be accepted as an explicit consent signal
if it is also possible for EU based sites to cause a DNT:1 signal to be sent
to their embedded third-parties. In Europe no profiling should take place
unless consent has been explicitly given. Because there is no necessity for
a European citizen visiting the site of a EU based data-controller to set
the DNT general preference, it should be assumed that they may not. In this
case a server targeted by embedded third-party content (whose controller may
not be subject to EU law) may wrongly assume the absence of DNT in this case
allows them to collect PII. Extending the UGE to signal DNT:1 in addition to
the ability to signal DNT:0 would let EU based sites communicate their more
rigorous compliance requirements to unaffiliated third-parties. Their only
legal alternative would be not to use non-EU resident third-parties without
a service-provider agreement, or to cause such third-party content not to be
rendered to users that had not given their explicit consent.

There will need to be some minimal changes to the UGE API spec in the TPE
and I will document the changes necessary in the next few days (I think I
already did somewhere but I will do it again).


-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: 30 September 2013 22:06
To: public-tracking@w3.org
Cc: Matthias Schunter (Intel Corporation)
Subject: Re: Reminder: Deadline for raising issues is October 02 (this


ISSUE-147 and ISSUE-148 was raised against global considerations. I would
like to raise it against TCS now. I think we can close it later. 

Concrete text proposal would be to add the following paragraph to section 6:

Unless otherwise stated, a service receiving a DNT:0 signal from a user can
at least collect the following information: 

 - user data and contact data
 - information needed for stateful interactions, including preferences
 - clickstream data
 - payment data
 - profile data

This data can be combined with other data from external sources. The Privacy
Policy indicated in TPE 5.4.3 will further explain the currently active data
collection and its limitations even in case of a DNT:0 signal. 

This solves the requirement for having a determined permission within
regulated environments. 


On Monday 30 September 2013 22:21:19 Matthias Schunter wrote:
> Hi Team,
> just a friendly reminder. If you have an issue that is not yet on this
> list: http://www.w3.org/2011/tracking-protection/track/products/5
> Feel free to email us including:
> - What is the issue you want to be raised?
> - Why do you want to raise this issue?
> On October 16, all issues also need to be documented as required by 
> the plan:
>    http://www.w3.org/2011/tracking-protection/1309-plan.html
> Thanks a lot!
> matthias
Received on Tuesday, 1 October 2013 17:54:37 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC