Re: issue-170

Hi Mike,


I believe Jack has a valid point:
- If a site receives "DNT;0", then determining whether this was
triggered by a UGE or set as a general preference is difficult (or even
impossible in general).

To mitigate this concern, one option would be to outline an _efficient_
way for a site to decide whether DNT;0 was UGE or general preference.
An alternative would be to relax your requirement and say:
> If a 1st Party receives a request with DNT:1 set then data regarding or identifying the user initiating the request MUST NOT be shared between Parties outside the context of the request, other than between the 1st Party and its service providers or for permitted uses as defined within this recommendation. A 1st Party MAY elect further restrictions on the collection or use of such data.
>
> If a 1st Party receives a request with DNT:0 set then data regarding the user MAY be used or shared but only for the purposes that were clearly and comprehensively explained when the exception was granted.
(The only change I made is the removal of the constraint "If, as a
result of an explicitly-granted exception, ".)


Opinions?


matthias

On 04.06.2014 13:43, Mike O'Neill wrote:
> Hi Jack,
>
> You are right, a DNT:0 could be set as a general preference but the
> proposal as it stands is silent on that. It only says a first party
> must not share if DNT:1 (though it may elect for further
> restrictions).  If a DNT:0 is received which was not a result of a UGE
> then the default case would be the same if DNT was unset, unless
> overridden by local law or voluntary further restrictions but IMO we
> do not need to open that can.
>
> Mike
>
>
>

Received on Wednesday, 4 June 2014 12:20:21 UTC