Examples for Issue 35

At this point:
 1. I do not know of anyone else working on examples, so this is it unless someone speaks up
 2. Either “Please see Appendix foo for examples" or examples inline is Roy’s call, as he thinks best while editing. Similarly, if subheadings would help, please have at it.

On content in particular — could someone take a look at example 2 to make sure this should all be T rather than C? I would really hate to ship an incorrect example. 

Any other improvements / corrections / suggestions? If no one speaks up in the next week, I think this is good to go into the draft, as per our discussion on the call today.

(For Roy, Mike kindly offered to fix formatting in ReSpec I fail at table formatting, but this seems very straight-forward. Yay.)

(For W3C powers that be, https://dev.w3.org/2008/video/mediaann/ReSpec.js/documentation.html <https://dev.w3.org/2008/video/mediaann/ReSpec.js/documentation.html> links to https://dev.w3.org/2008/video/mediaann/ReSpec.js/test-spec/index.html <https://dev.w3.org/2008/video/mediaann/ReSpec.js/test-spec/index.html> which is, sadly, dead.)

 ***
 
This section is non-normative.
The policy property may contain a URI. We provide examples here.

As a very simple example, you might host http://www.example1.com/dnt.html <http://www.example1.com/dnt.html> containing an in-house description of your Do Not Track practices:

            Example1 does not collect or share personal information and does not have any third party content on our website. Consequently, nothing changes on our website if you turn on Do Not Track. This description is in accordance with California AB 370, a law that provides Do Not Track transparency. For more information, please see our <a href=“http://www.example1.com/privacypolicy.html <http://www.example1.com/privacypolicy.html>”>privacy policy</a>.
 
Example1 would also send a Tk response header field of N to indicate they are not tracking, as described in section 6.2.5.
 
 
As another possibility, the policy property may simply contain a URI for a Do Not Track practice defined by a trade association or other group, for example, https://www.eff.org/dnt-policy <https://www.eff.org/dnt-policy>. This would duplicative since such URIs are better handled through the compliance property, as described in section 6.5.3.
 
Compliance policies are typically more comprehensive than lend themselves to easy reading by a user trying to make a Do Not Track decision. Rather, you might provide your own short description of what changes specifically for your website for DNT users, plus a link to the longer compliance policy. You might set the policy property to your own http://www.example2.com/dnt.html <http://www.example2.com/dnt.html> containing something like this:
 
          Example2 collects and shares information in accordance with our <a href=“http://www.example2.com/privacypolicy.html <http://www.example2.com/privacypolicy.html>”>privacy policy</a>, and we ordinarily compile a profile of your interests based on the articles you read on our site. If you have Do Not Track enabled, we follow the <a href="https://www.eff.org/dnt-policy <https://www.eff.org/dnt-policy>”>Electric Frontier Foundation’s Do Not Track policy</a>, and we will delete your interest profile. 
            We show ads to our visitors. Our advertisers follow the <a href="http://digitaladvertisingalliance.org/principles <http://digitaladvertisingalliance.org/principles>”>DAA Self-Regulatory Principles</a>. We ask our Do Not Track users to consent to tracking by these advertisers to best support our website. If Do Not Track users will not grant permission for third-party tracking, we show ads from advertisers also following the EFF Do Not Track Policy. 


Example2 could have a variety of Tk header responses. Here are a few possibilities. Note well that while DNT:1 and DNT:0 are handled the same way, if there is no DNT setting at all then users in the US continue to be tracked while users in the EU do not, as described in section 5.1.
<table class="simple">
        <tbody><tr><th>DNT setting + </th>
            <th>user location = </th>            
  <th>Tk header response</th>
  <th>Notes</th>
        </tr>

        <tr><td>1</td>
 <td>United States</td>
           <td>N</td>
 <td>Example2 would follow the EFF policy, and indicate they are not tracking (see 6.2.5)</td>
        </tr>
        <tr><td>1</td>
 <td>European Union</td>
           <td>N</td>
 <td>Example2 would follow the EFF policy, and indicate they are not tracking (see 6.2.5)</td>
        </tr>

        <tr><td>0</td>
 <td>United States</td>
           <td>T</td>
 <td>Example2 would follow their standard privacy policy, show adds from their normal DAA-member advertisers, and confirm they are tracking users (see 6.2.6).</td>
        </tr>
        <tr><td>0</td>
 <td>European Union</td>
           <td>T</td>
 <td>Example2 would follow their standard privacy policy, show adds from their normal DAA-member advertisers, and confirm they are tracking users (see 6.2.6).</td>
        </tr>

        <tr><td>unset</td>
 <td>United States</td>
           <td>T</td>
 <td>Example2 would follow their standard privacy policy, show adds from their normal DAA-member advertisers, and confirm they are tracking users (see 6.2.6). This is identical to a US user sending DNT:0.</td>
        </tr>
        <tr><td>unset</td>
 <td>European Union</td>
           <td>N</td>
 <td>Example2 would follow the EFF policy, and indicate they are not tracking (see 6.2.5). This is identical to an EU user sending DNT:1.</td>
        </tr>

      </tbody></table>
 
Finally, user agents may choose to display information contained in the policy property directly to users, as might other parties asking users to consent to being tracked (“opt back in.”) For this reason it helps to kept the text to a pithy description of exactly what a given site does differently when receiving a DNT:1 signal.

Received on Tuesday, 27 June 2017 01:19:48 UTC