Using "tracking" in compliance document (ISSUE-203)

Hi all,

As mentioned in the call last week, David and Roy have two different proposals to incorporate the definition of tracking into the compliance document.

They are available here: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Tracking_Third_Party_Compliance but let me try to summarize what I think is the key difference.

David's effectively says, if DNT:1 is on, third parties can't engage in tracking (as opposed to current language, which says "don't collect, retain, use, &c.").

Roy's says, if DNT:1 is on, you need to respond with what you do.  If you respond with "N," don't engage in tracking with respect to this network transaction.  If you respond with any other value, follow the rules for that value.

I think that means that if you respond with "T" and link to the TCS, you are required to only track for permitted uses, and to follow the general data minimization requirements (as described in TCS).  However, responding with a different value (including "D" for disregard) would not necessarily make you non-conformant with the spec (either TCS or TPE).

That may be a lossy explanation of both, but hopefully generally summarizes the possibilities.  Unfortunately, David won't be on the call tomorrow, so not sure we'll be able to make much progress.  However, I'm not convinced there's a genuine disagreement about what behavior should be when DNT:1 is on, and I'm hopeful this can be resolved amicably.

Received on Wednesday, 16 July 2014 02:21:26 UTC