Re: Issue-207

On Apr 21, 2014, at 1:01 PM, Rob van Eijk wrote:

> A user's and regulator's expectation is that DNT "should opt out of collection of behavioral data for all purposes other than those that would be consistent with the context of the interaction; DNT should be comprehensive, effective, and enforceable. It should (...) not permit technical loopholes." (cf. FTC)

The DNT protocol does that.  Not implementing the protocol does nothing.

The signal is not sufficient to indicate conformance with the protocol.
It will require some expertise to determine when a user agent does not
conform to the protocol requirements.  However, once that determination
has been made, it is not a loophole to ignore that user agent's signals
since they are invalid HTTP.

> The D-response with a standard explanation in the privacy policy is a technical loophole in the standard. It reduces user transparency and damages user control. Moreover, it allows for discrimination based on the judgement of a server of the correctness of the implementation in the user agent. That judgement should not be made on the back of the user while he is using the Web.

Then stop defending those who abuse the standard.  Normally, we
wouldn't even have this discussion because the folks advocating
implementation of the protocol would insist that a non-conforming
implementation be fixed.

> Please correct me if I am wrong, but isn't it fair to say that the company making such a judgement should not have the user pay for this judgement, but instead engage with the company who is responsible for the user agent, and/or file a complaint with the regulator or competent authority?

The user doesn't pay anything, regardless.  The "D" signal is to
tell the user that their DNT signal is ignored.  They can choose
not to use the service, choose to use some other opt-out mechanism,
or choose to continue use of the service anyway.


Received on Monday, 21 April 2014 20:44:53 UTC