- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 22 Sep 2014 20:42:37 +0100
- To: "'Roy T. Fielding'" <fielding@gbiv.com>, "'Tracking Protection Working Group'" <public-tracking@w3.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A sunset period for tracking consent has been called for by the DPAs in Europe with the CNIL specifying no more than 13 months. Some responsible companies may want it to default to less than that, or give the user an option. There is no reason that the API could not be extended to support that with an expiry/max-age parameter as in cookies. Otherwise it would be left to the user agents to come up with arbitrary defaults. Mike > -----Original Message----- > From: Roy T. Fielding [mailto:fielding@gbiv.com] > Sent: 22 September 2014 20:25 > To: Tracking Protection Working Group > Subject: Re: tracking-ISSUE-258: automatic expiration of a tracking preference > [TPE Last Call] > > On Jul 12, 2014, at 6:57 PM, Tracking Protection Working Group Issue Tracker > wrote: > > > tracking-ISSUE-258: automatic expiration of a tracking preference [TPE Last > Call] > > > > http://www.w3.org/2011/tracking-protection/track/issues/258 > > > > Raised by: Nick Doty > > On product: TPE Last Call > > > > http://lists.w3.org/Archives/Public/public-tracking-comments/2014Jun/att- > 0000/20140606_WP29_TS_standardisation_letter_to_W3C.pdf > > > > Article 29 Working Party requests functionality for automatic expiration of > preferences/exceptions. > > > > > > With regard to some parallel initiatives, such as notice-and-choice programs, > the Working Party acknowledges that they can function as supporting measures > to remind users that they can withdraw their tracking preference at any time. > But the Draft TPE Specification currently lacks a building block that ensures the > automatic expiration of a tracking preference. Under European data protection > law, personal data must be adequate and accurate, and stored no longer than > necessary. In order to comply with these requirements, the introduction of an > automatic expiration feature is necessary to allow users to exercise effective > control. Therefore, the Working Party recommends adding this requirement to > the building blocks. > > WONTFIX. > > The Working Party appears to be assuming that TPE will work in the same > way as current opt-out technology, wherein the option is actually set > and managed by the server. > > For TPE, the storage of user preference is (at all times) under the control > of the user. If the user agent configuration has an expiration associated > with it, that expiration would not be visible to the TPE protocol. Since > we do not specify how a user agent is configured, we cannot require that > such configuration has an expiration. Likewise, a server has no ability to > require a minimum time before expiration. > > > Cheers, > > Roy T. Fielding <http://roy.gbiv.com/> > Senior Principal Scientist, Adobe <http://www.adobe.com/> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/ Charset: utf-8 iQEcBAEBAgAGBQJUIHutAAoJEHMxUy4uXm2J+JAH/1EMx6r3sdTreRj41v/QZ2Bt iKZSkaHA1x8Pb4dAA/Rq+VyrjoqV7c+wif7uJqnNyovZigicBmP/T4Nl6yMoRiii 6tow61gIZs8MkSYPhELE1Y/ESOaGaGvqnKkKPy2DUxWQmf1a/djOW6ViCPpHmnl1 TSP2R7E+U9AN8+n0UNX7vRgEC9n3O7xgNinYnh2U5/aG8i0g0RDHgQ9hOtTbJXBs OQ2gGyWU97/5YFxYzyHwF7j1EDly2PD1H5W4bAaqx4Dh8BqRO8eLioS7/LXqqVpH EITJ9I+l9zSlM5zxund1EaTPTalBz5t5C5ospVnq6sBS7RjWfLG0cxF791J6Xos= =IDeS -----END PGP SIGNATURE-----
Received on Monday, 22 September 2014 19:44:19 UTC