Re: issue-170

On Jun 4, 2014, at 5:38 AM, Mike O'Neill wrote:
> If a 1st Party receives a request with DNT:0 set then data regarding the user MAY be used or shared but, if the header signal resulted from an explicitly-granted exception, only for the purposes that were clearly and comprehensively explained when the exception was granted.

There is no need for this text.  If a server receives DNT:0,
it will behave according to its own set of practices for DNT:0.
It is not going to change its practices on a per-user basis.

If those practices exceed whatever the server might have stated in some
request for a UGE, the server owner is inviting regulatory action or
lawsuits.  We do not need to say anything about servers that mislead.

If the server does not request UGEs (and thus only receives DNT:0 when
set web-wide), then it has no control over what was explained to the user
and is instead relying on the browser configuration.  What the browser
configuration means is largely outside the scope of compliance, though
we all hope that they will eventually become consistent.

....Roy

Received on Friday, 6 June 2014 17:56:29 UTC