Re: Issue-207

On Apr 19, 2014, at 2:15 AM, Mike O'Neill wrote:

> But the need for clarity means that the user should be informed why the D signal has been sent. Just putting a list in a privacy policy of possible reasons a valid DNT might be rejected leaves the door open for arbitrariness and possible discrimination (on the grounds of a user's technology choice as Rob points out), and may lead to the D response becoming a more common occurrence.

A user's technology choice is the main reason a D response will be used.
That is not arbitrary, and of course it discriminates against certain
technology (not people).  The effect of that discrimination is what
regulators would have to look at to decide whether DNT has any value
whatsoever, so it is in everyone's best interests to adhere to the standard
and call out those who don't.

All we are doing with "D" is communicating the server's policy.
The privacy policy is the right place to provide longer explanations.
It is the one document prepared by lawyers and approved by the company.
If the server behavior differs from that policy, intentionally or by
programmer mistake, regulatory agencies have established mechanisms for
addressing it.


Received on Monday, 21 April 2014 07:30:42 UTC