RE: issue-170

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Chris,

I agree DNT:0 should signal consent for tracking, but we have restricted “tracking” to be only “across multiple contexts”, which does not compute in Europe because here there needs to be a legal basis for processing (for any party not just third-parties). Anyway when we have got this issue out of the way I will emit more text.

mike



Sent: 07 June 2014 21:18
To: Mike O'Neill
Cc: Roy T. Fielding; W3C DNT Working Group Mailing List
Subject: Re: issue-170

Who's going to certify how DNT:0 was set? I agree with Roy, let industry self-regulation oversight programs (i.e. Council of Better Business Bureaus in the US) or regulators deal with bad actors, per enforcement of local codes, regulation, and laws. The bad actors aren't going to follow this spec anyway. In my experience around self-regulatory enforcement, the good actors have a vested interest in reporting the bad actors when they find them (simple market dynamics).

Industry needs an easy to determine signal to process at scale. If you see DNT:0, you have consent- simple as that.

- --
Chris Mejia


On Jun 6, 2014, at 3:47 PM, "Mike O'Neill" <michael.oneill@baycloud.com> wrote:
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Chris,

What is not implementable at scale & in real-time, the UGE? I can assure you it can and in fact already has.

Mike



- -----Original Message-----
From: Chris Mejia [mailto:elementslifestylegroup@hotmail.com]
Sent: 06 June 2014 19:50
To: Roy T. Fielding; Mike O'Neill
Cc: W3C DNT Working Group Mailing List
Subject: Re: issue-170

Agree with Roy on this. Logistically/technically speaking, the proposal is
not implementable at scale, in real-time.

- --
Chris Mejia






On 6/6/14, 10:56 AM, "Roy T. Fielding" <fielding@gbiv.com> wrote:

On Jun 4, 2014, at 5:38 AM, Mike O'Neill wrote:
If a 1st Party receives a request with DNT:0 set then data regarding
the user MAY be used or shared but, if the header signal resulted from
an explicitly-granted exception, only for the purposes that were clearly
and comprehensively explained when the exception was granted.

There is no need for this text.  If a server receives DNT:0,
it will behave according to its own set of practices for DNT:0.
It is not going to change its practices on a per-user basis.

If those practices exceed whatever the server might have stated in some
request for a UGE, the server owner is inviting regulatory action or
lawsuits.  We do not need to say anything about servers that mislead.

If the server does not request UGEs (and thus only receives DNT:0 when
set web-wide), then it has no control over what was explained to the user
and is instead relying on the browser configuration.  What the browser
configuration means is largely outside the scope of compliance, though
we all hope that they will eventually become consistent.

....Roy

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJTkkUQAAoJEHMxUy4uXm2J4M4H/1ERdk61XdWOyBj9Z53CHckx
6vNiU1hgnGzI3cpBeOdSgcaPfwS6IMRfpe+LNQKvuXZHlfEKsnUYpgtqiqkSdQZV
ej35JIN8pSPCxAp7MXoQxQ0uihh/oNMF/nM8fJdb4mAPDyt/yiJ3QcVO/p7mimP2
EYaQVtSQDqL75wCyeQcBXVSL10FhuVkvqW22DFp95fb+5P1XvG5jnux1GJvjQfB4
ZIArJ8/y5rNtURwvoBZc0mS/sc4iPYK0d77qlzLp/zHVCO7JsWdd/syuQ806M0CR
E3nArZqmrx8EQIzPq47Q7ssA9/7qRyCk7hFqHYADMN3qqBnVeDvJojVD4Ix/irU=
=g/oK
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJTlatJAAoJEHMxUy4uXm2JFcYIAJQWTKQ4QfwXhexsTCD3hw9Q
CgXLehTjkmkC9OP0HB14Ccy/5RvV3uHIPtVCHTse0ljM8yoMZ0PczGqQ3GOogVO9
1zJ0WkhxRCwzpQlfBbs5uukJHNdQaaUcqlcAPY5cRfNtvXVCRFd4b6+NRsURCaa1
LiUa1hxIaPF6UK/xknH+oe+POw1bAlOBuiJRkykTfCkYgpd2OrCyyqLGEZQe5lmY
9BK+ZeStk8XYNERcEvEElod6V6nboQbSM4YH7K4PfSdme3WmHHOiAiTLYpw+L3aJ
b0i/j94FGwRDo7vMvdpZg58PTSl4E1fB1jMI24xZOClDDLDDJEblBKA5hlMLQHI=
=Ui1f
-----END PGP SIGNATURE-----