- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 6 Jun 2014 10:56:06 -0700
- To: Mike O'Neill <michael.oneill@btinternet.com>
- Cc: W3C DNT Working Group Mailing List <public-tracking@w3.org>
On Jun 4, 2014, at 5:38 AM, Mike O'Neill wrote: > If a 1st Party receives a request with DNT:0 set then data regarding the user MAY be used or shared but, if the header signal resulted from an explicitly-granted exception, only for the purposes that were clearly and comprehensively explained when the exception was granted. There is no need for this text. If a server receives DNT:0, it will behave according to its own set of practices for DNT:0. It is not going to change its practices on a per-user basis. If those practices exceed whatever the server might have stated in some request for a UGE, the server owner is inviting regulatory action or lawsuits. We do not need to say anything about servers that mislead. If the server does not request UGEs (and thus only receives DNT:0 when set web-wide), then it has no control over what was explained to the user and is instead relying on the browser configuration. What the browser configuration means is largely outside the scope of compliance, though we all hope that they will eventually become consistent. ....Roy
Received on Friday, 6 June 2014 17:56:29 UTC