Re: ePrivacy & DNT

> On Dec 18, 2016, at 3:48, Walter van Holst <walter@vanholst.com> wrote:
> 
> On 2016-12-18 03:44, Jeff Jaffe wrote:
> 
>>> Where Do Not Track comes in is that it could be a standard approach
>>> that would enable a clean path for first and third parties to comply
>>> with EU law, in particular with consent requirements. Article 29 WP
>>> has issued preliminary written guidance on where DNT must change in
>>> order to support EU laws. We should take their texts very seriously,
>>> IMHO. Ideally we finish our work and have the Art29WP say to
>>> companies, “Implement W3C DNT correctly, and you will not have
>>> legal issues here.”
>> Even though we have no compliance spec?
> 
> As far as DNT:1 is concerned, an EU compliance spec isn't really necessary. From an EU perspective DNT:1 is only necessary for 1st party and would mean an objection to first-party collections. In the EU context DNT:0 is the interesting part because it can be an expression of consent to 3rd parties, with DNT:1 potentially meaning withdrawal of such consent. Both under the GDPR and the current e-privacy directive and the future e-privacy regulation there's nothing to opt-out for regarding 3rd parties since 3rd party data collection requires user consent, so an opt-in.
> 
> For neither scenario a compliance specification is strictly necessary, although it may be very helpful for practical purposes and to provide clarification, both for implementing parties and users.
> 
> From where I am standing, getting a W3C compliance spec is a nice-to-have, but nowhere near necessary to make DNT a success. Getting the TPE to have a more formal status, preferably with some tweaks, however is.
> 

Walter

it does seem that what you wrote is, in some sense, a compliance spec. (albeit in draft state). Perhaps the EU could write a spec. and assign it a URL, so that sites can say “I respect DNT when interpreted as the EU does”?



Dave Singer

singer@mac.com

Received on Tuesday, 20 December 2016 00:12:27 UTC