- From: Jack L. Hobaugh Jr <jack@networkadvertising.org>
- Date: Tue, 3 Jun 2014 16:49:22 -0400
- To: rob@blaeu.com
- Cc: Mike O'Neill <michael.oneill@baycloud.com>, public-tracking@w3.org, Rigo Wenning <rigo@w3.org>, Vinay Goel <vigoel@adobe.com>, Walter van Holst <walter.van.holst@xs4all.nl>, John Simpson <john@consumerwatchdog.org>
- Message-Id: <CEFD2379-F600-4646-8904-9C51C14E01CC@networkadvertising.org>
Hi Rob,

Thanks for furthering the discussion.

My thoughts are based on the following sections of the TPE:

Section 4:
+++++++++++++
If the user's choice is DNT:1 or DNT:0, the tracking preference is enabled; otherwise, the tracking preference is not enabled.
+++++++++++++

Section 5.1:
++++++++++
When enabled, a tracking preference is expressed as either:

DNT   meaning
1     This user prefers not to be tracked on the target site.
0     This user prefers to allow tracking on the target site.
++++++++++

Section 5.2:
++++++++++++++++
A user agent must generate a DNT header field with a field-value that begins with the numeric character "0" (%x30) if the user's tracking preference is enabled and their preference is for DNT:0, or if an exception has been granted for the request target.
++++++++++++++++

The TPE does not require that information be provided to the Origin Server as to how the DNT:0 was set.

Also, it is clear from Section 7.6 of the TPE that limiting use after the reception of a DNT:0 signal, whether or not set by a UGE, was not contemplated:

+++++++++++++++++
Furthermore, the named third party receiving the DNT:0 header acquires at least the right to collect data and process it for the given interaction and any other use unless it receives a DNT:1 header from that particular identified user agent. (emphasis added.)
+++++++++++++++++

The suggested proposal would contradict the neutral position of the DNT:0 signal as written in the TPE and place a new burden on the Origin Server to determine whether the signal was set as a user preference or a UGE.

And even if the server could determine how the DNT:0 was set, the TPE is also clear that after a DNT:0 signal is received by the origin server, even if set through a UGE, the user has given the server the right to “collect data . . . and any other use” until it receives a DNT:1.

Best regards,

Jack

Jack L. Hobaugh Jr
Network Advertising Initiative | Counsel
1620 Eye St. NW, Suite 210 Washington, DC 20006
P: 202-347-5341 | jack@networkadvertising.org

The information contained in this e-mail is confidential and intended for the named recipient(s) only. However, it is not intended as legal advice nor should you consider it as such. You should contact a lawyer for any legal advice. If you are not an intended recipient of this email you must not copy, distribute or take any further action in reliance on it and you should delete it and notify the sender immediately.

On Jun 3, 2014, at 3:03 PM, Rob van Eijk <rob@blaeu.com> wrote:

>
> Jack,
>
>>> As this proposal is written it would unfairly place a burden on the origin server to determine whether or not the DNT:0 signal was set in response to a user granted exception.
>
> In my view, the requirements of Mike's proposal resemble a necessary element to restore the balance between the user and the business need. Could you please explain why the burden is unfair?
>
> Rob
>
> Jack L. Hobaugh Jr wrote on 2014-06-03 20:50:
>> Hi Mike,
>> Thanks for your proposal.
>> As I understand the second part of the proposal below, it implies that
>> a DNT:0 signal is set through an explicitly-granted exception.
>> But as I understand the TPE, a user granted exception is not required
>> to set and send a DNT:0 signal.
>> As this proposal is written it would unfairly place a burden on the
>> origin server to determine whether or not the DNT:0 signal was set in
>> response to a user granted exception.
>> Also, there should not be a DNT:0 distinction between first and third
>> parties as implied by the proposal below.
>> Best regards,
>> Jack
>> Jack L. Hobaugh Jr
>> Network Advertising Initiative | Counsel
>> 1620 Eye St. NW, Suite 210 Washington, DC 20006
>> P: 202-347-5341 | jack@networkadvertising.org
>> The information contained in this e-mail is confidential and intended
>> for the named recipient(s) only. However, it is not intended as legal
>> advice nor should you consider it as such. You should contact a lawyer
>> for any legal advice. If you are not an intended recipient of this
>> email you must not copy, distribute or take any further action in
>> reliance on it and you should delete it and notify the sender
>> immediately.
>> On May 30, 2014, at 9:10 AM, Mike O'Neill
>> <michael.oneill@baycloud.com> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Here is my text for Issue-170.
>>>
>>> I have (hopefully friendly) amended John Simpson's Proposal by
>>> referencing our definition of Tracking and taking out the
>>> restriction in later data use as 3rd Party, as this is covered by
>>> Walter’s Proposal for Issue-219 (which I support). I have also
>>> incorporated the gist of Rigo’s Proposal about the use of DNT:0 as
>>> an e-privacy consent mechanism, and the bit in Vinay’s proposal
>>> about service providers.
>>>
>>> Proposal:
>>>
>>> If a 1st Party receives a request with DNT:1 set then data regarding
>>> or identifying the user initiating the request MUST NOT be shared
>>> between Parties outside the context of the request, other than
>>> between the 1st Party and its service providers or for permitted
>>> uses as defined within this recommendation. A 1st Party MAY elect
>>> further restrictions on the collection or use of such data.
>>>
>>> If, as a result of an explicitly-granted exception, a 1st Party
>>> receives a request with DNT:0 set then data regarding the user MAY
>>> be used or shared but only for the purposes that were clearly and
>>> comprehensively explained when the exception was granted.
Received on Tuesday, 3 June 2014 20:49:53 UTC