Re: Issue-170

Hi Jack,

Leaves the question: why is the burden unfair? The TPE does not underpin 
that claim. The TPE is just about the buildingblocks describing how to 
respond to a user expression.

Rob

Jack L. Hobaugh Jr schreef op 2014-06-03 21:49:
> HI Rob,
> 
> Thanks for furthering the discussion.
> 
> My thoughts are based on the following sections of the TPE:
> 
> Section 4:
> 
> +++++++++++++
> If the user's choice is DNT:1 or DNT:0, the tracking preference is
> enabled; otherwise, the tracking preference is not enabled.
> +++++++++++++
> 
> Section 5.1:
> 
> ++++++++++
> 
> When enabled [2], a tracking preference is expressed as either:
> 
>   DNT
>   MEANING
> 
>   1
>   This user prefers not to be tracked on the target site.
> 
>   0
>   This user prefers to allow tracking on the target site.
> 
> ++++++++++
> 
> Section 5.2:
> 
> ++++++++++++++++
> 
> A user agent must generate a DNT [3] header field with a field-value
> that begins with the numeric character "0" (%x30) if the user's
> tracking preference is enabled [2] and their preference is for DNT:0,
> or if an exception has been granted for the request target.
> ++++++++++++++++
> 
> The TPE does not require that information be provided to the Origin
> Server as to how the DNT:0 was set.
> 
> Also, it is clear from Section 7.6 of the TPE that limiting use after
> the reception of a DNT:0 signal, whether or not set by a UGE, was not
> contemplated:
> 
> +++++++++++++++++
> Furthermore, the named third party receiving the DNT:0 header acquires
> at least the right to collect data and process it for the given
> interaction and ANY OTHER USE UNLESS IT RECEIVES A DNT:1 header from
> that particular identified user agent. (emphasis added.)
> +++++++++++++++++
> 
> The suggested proposal would contradict the neutral position of the
> DNT:0 signal as written in the TPE and place a new burden on the
> Origin Server to determine whether the signal was set as a user
> preference or a UGE.
> 
> And even if the server could determine how the DNT:0 was set, the TPE
> is also clear that after a DNT:0 signal is received by the origin
> server, even if set through a UGE, the user has given the server the
> right to “collect data . . . and any other use” until it receives
> a DNT:1.
> 
> Best regards,
> 
> Jack
> 
> Jack L. Hobaugh Jr
> Network Advertising Initiative | Counsel
> 1620 Eye St. NW, Suite 210 Washington, DC 20006
> P: 202-347-5341 | jack@networkadvertising.org
> 
> The information contained in this e-mail is confidential and intended
> for the named recipient(s) only. However, it is not intended as legal
> advice nor should you consider it as such. You should contact a lawyer
> for any legal advice. If you are not an intended recipient of this
> email you must not copy, distribute or take any further action in
> reliance on it and you should delete it and notify the sender
> immediately.
> 
> On Jun 3, 2014, at 3:03 PM, Rob van Eijk <rob@blaeu.com> wrote:
> 
>> Jack,
>> 
>> As this proposal is written it would unfairly place a burden on the
>> origin server to determine whether or not the DNT:0 signal was set
>> in response to a user granted exception.
> 
> In my view, the requirements of Mike's proposal resembles a necessary
> element to restore the balance between the user and the business need.
> Could you please explain why the burden is unfair?
> 
> Rob
> 
> Jack L. Hobaugh Jr schreef op 2014-06-03 20:50:
> 
>> Hi Mike,
>> Thanks for your proposal.
>> As I understand the second part of the proposal below, it implies
>> that
>> a DNT:0 signal is set through an explicitly-granted exception.
>> But as I understand the TPE, a user granted exception is not
>> required
>> to set and send a DNT:0 signal.
>> As this proposal is written it would unfairly place a burden on the
>> origin server to determine whether or not the DNT:0 signal was set
>> in
>> response to a user granted exception.
>> Also, there should not be a DNT:0 distinction between first and
>> third
>> parties as implied by the proposal below.
>> Best regards,
>> Jack
>> Jack L. Hobaugh Jr
>> Network Advertising Initiative | Counsel
>> 1620 Eye St. NW, Suite 210 Washington, DC 20006
>> P: 202-347-5341 | jack@networkadvertising.org
>> The information contained in this e-mail is confidential and
>> intended
>> for the named recipient(s) only. However, it is not intended as
>> legal
>> advice nor should you consider it as such. You should contact a
>> lawyer
>> for any legal advice. If you are not an intended recipient of this
>> email you must not copy, distribute or take any further action in
>> reliance on it and you should delete it and notify the sender
>> immediately.
>> On May 30, 2014, at 9:10 AM, Mike O'Neill
>> <michael.oneill@baycloud.com> wrote:
>> 
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> Here is my text for Issue-170.
>>> I have (hopefully friendly) amended John Simpsons Proposal by
>>> referencing our definition of Tracking and taking out the
>>> restriction in later data use as 3rd Party, as this is covered by
>>> Walter’s Proposal for Issue-219 (which I support). I have also
>>> incorporated the gist of Rigo’s Proposal about the use of DNT:0
>>> as
>>> an e-privacy consent mechanism, and the bit in Vinay’s proposal
>>> about service providers.
>>> Proposal:
>>> If a 1st Party receives a request with DNT:1 set then data
>>> regarding
>>> or identifying the user initiating the request MUST NOT be shared
>>> between Parties outside the context of the request, other than
>>> between the 1st Party and its service providers or for permitted
>>> uses as defined within this recommendation. A 1st Party MAY elect
>>> further restrictions on the collection or use of such data.
>>> If, as a result of an explicitly-granted exception, a 1st Party
>>> receives a request with DNT:0 set then data regarding the user MAY
>>> be used or shared but only for the purposes that were clearly and
>>> comprehensively explained when the exception was granted.
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.13 (MingW32)
>>> Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/ [1] [1]
>>> Charset: utf-8
>>> iQEcBAEBAgAGBQJTiINJAAoJEHMxUy4uXm2Jtt0H+gIwe89nW5akvK8M/WAU0hPx
>>> Mhg07ZnsPgjyaLJO/gXrjO+V42K9sv2E3cteLz8aGqCNkxT2x+XXt9oXF+zA17gl
>>> WCfIfrGQ6SE1Z6TJrAItgDYPhp19cnARRn1skQqd3xaZ/GPn3W7ayaMWc8wxm805
>>> tth/kRaiCf+i73zrE8LuE63Y83M1MHqgAzolsAS0eeMVHKJH3FOYYd4StHQKqJeG
>>> 0k3HkagAkml9JAKDejz5opVJSbOAX07VWOWqSWSwUvHf5jGo5V9vMs6c/AgLaMru
>>> AIY8Vq0oWatAzVZkGUFxAjXo4OTu0P3vxo9tIlFM1PJmOHihh1fmEeYG2hc/E+o=
>>> =qa25
>>> -----END PGP SIGNATURE-----
>>> <PGPexch.htm><PGPexch.htm.sig>
>> Links:
>> ------
>> [1] http://www.gpg4o.com/ [1]
> 
> 
> 
> Links:
> ------
> [1] http://www.gpg4o.com/
> [2]
> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-enabled
> [3] 
> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-dnt

Received on Wednesday, 4 June 2014 08:07:34 UTC