- From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
- Date: Mon, 20 Feb 2017 14:12:16 +0100
- To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Hi Folks, during our last call, David suggested that we should put the Javascript API at risk. By doing so, we can continue towards recommendations even if the API is not implemented by the participants. I would like to now kick-off a "what if" discussion. The javascript API serves IMHO three purposes: 1 - To store site/web-wide exceptions 2 - To propagate consent from the site to its sub-elements (e.g. the site obtained site-wide consent and all its sub-elements (such as analytics) will then receive a DNT;0 to signal that they are permitted to track. 3 - To provide transparency to the user (who can check what consent/exceptions are stored in his browser) If the Javascript API were removed, then consent can be stored using cookies or other means (point 1), transparency would need to be provided (at a limited level) by the sites (point 2). I would now kick off a discussion how consent could be forwarded from a site to its subsidiaries. Options I see Option 1: Javascript API + DNT;0 header (current solution; at risk) Option 2: Some other way to trigger sending DNT;0 (e.g. we could define a "site-wide exceptioN" response header that triggers sending DNT;0 to other elements Option 3: Encoding in URLs? Some Javascript tricks? Other? What do you think? Opinions? Regards, matthias
Received on Monday, 20 February 2017 13:12:48 UTC