- From: Aleecia M. McDonald <aleecia@aleecia.com>
- Date: Thu, 12 Oct 2017 14:47:12 -0700
- To: "public-tracking@w3.org (public-tracking@w3.org) (public-tracking@w3.org)" <public-tracking@w3.org>
> On Oct 12, 2017, at 11:16 AM, Shane M Wiley <wileys@oath.com> wrote: > […] > In either case, we'll need a purpose array for the ad industry to be able to leverage DNT as a lawful consent compliance approach in the EU (at least that's what EU lawyers are telling me). […] This sounds like an array of common purposes that also contains a purpose of other. I imagine a common set of purposes congruent with EU regs, and then “other” managed entirely by the publisher, which defines what it means, conveys it meaningfully to users, and records not only consent but what was consented to. I would expect any given publisher using “other” to change what it means over time (e.g. after an acquisition or new product launch, etc.) which is why a timestamp is going to matter. In an ideal world, Art 29 WP could issue guidance that turns the common set of purposes into something fairly self-serve. Perhaps there will be sample text akin to Safe Harbor guidance. For the complexities of Other, well, see your local DPA to have a discussion about that. Small sites should be able to do just fine with the common set. Large companies can get all the complexity they need from Other, which might need to be further defined as OtherA, OtherB, OtherC, on the backend, but that too is up to the publisher to manage. Early on we had the idea that straight-forward publishers should be able to implement DNT easily and those with complex practices would have a more complex implementation. I think we can still fulfill that goal. (I echo Rob’s concern about further delay and the ironies inherent in this discussion.) Aleecia
Received on Thursday, 12 October 2017 21:47:36 UTC