- From: Walter van Holst <walter@vanholst.com>
- Date: Sun, 18 Dec 2016 12:48:31 +0100
- To: public-tracking@w3.org
On 2016-12-18 03:44, Jeff Jaffe wrote: >> Where Do Not Track comes in is that it could be a standard approach >> that would enable a clean path for first and third parties to comply >> with EU law, in particular with consent requirements. Article 29 WP >> has issued preliminary written guidance on where DNT must change in >> order to support EU laws. We should take their texts very seriously, >> IMHO. Ideally we finish our work and have the Art29WP say to >> companies, “Implement W3C DNT correctly, and you will not have >> legal issues here.” > > Even though we have no compliance spec? As far as DNT:1 is concerned, an EU compliance spec isn't really necessary. From an EU perspective DNT:1 is only necessary for 1st party and would mean an objection to first-party collections. In the EU context DNT:0 is the interesting part because it can be an expression of consent to 3rd parties, with DNT:1 potentially meaning withdrawal of such consent. Both under the GDPR and the current e-privacy directive and the future e-privacy regulation there's nothing to opt-out for regarding 3rd parties since 3rd party data collection requires user consent, so an opt-in. For neither scenario a compliance specification is strictly necessary, although it may be very helpful for practical purposes and to provide clarification, both for implementing parties and users. From where I am standing, getting a W3C compliance spec is a nice-to-have, but nowhere near necessary to make DNT a succes. Getting the TPE to have a more formal status, preferrably with some tweaks, however is. Regards, Walter
Received on Sunday, 18 December 2016 11:49:11 UTC