- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 21 Apr 2014 00:30:16 -0700
- To: Mike O'Neill <michael.oneill@baycloud.com>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Apr 19, 2014, at 2:15 AM, Mike O'Neill wrote: > But the need for clarity means that the user should be informed why the D signal has been sent. Just putting a list in a privacy policy of possible reasons a valid DNT might be rejected leaves the door open for arbitrariness and possible discrimination (on the grounds of a user's technology choice as Rob points out), and may lead to the D response becoming a more common occurrence. A user's technology choice is the main reason a D response will be used. That is not arbitrary, and of course it discriminates against certain technology (not people). The effect of that discrimination is what regulators would have to look at to decide whether DNT has any value whatsoever, so it is in everyone's best interests to adhere to the standard and call out those who don't. All we are doing with "D" is communicating the server's policy. The privacy policy is the right place to provide longer explanations. It is the one document prepared by lawyers and approved by the company. If the server behavior differs from that policy, intentionally or by programmer mistake, regulatory agencies have established mechanisms for addressing it. ....Roy
Received on Monday, 21 April 2014 07:30:42 UTC