IAB-EU Consent framework and DNT

A spurious reason put out as to why the IAB-EU framework was developed
independently from our group is that "DNT can't handle purposes". This is
clearly not true. 

We debated encoding purposes in the TSR over a year ago, and discussed
further additions to the API to support it in November (as soon as the issue
was raised), and I wrote it up in a new draft as an action. 

We also addressed the requirement for a "right-to-object" signal for the new
non-tracking analytics exemption in the Parliament's EPR draft. 

Attached is the email reporting it, and here are the links to the relevant
text:

https://w3c.github.io/dnt/drafts/purposes-snapshot.html#dnt-header-field

https://w3c.github.io/dnt/drafts/purposes-snapshot.html#dom-trackingexdata-fieldvalue

https://w3c.github.io/dnt/drafts/purposes-snapshot.html#rep.purposes

Communicating purposes in the DNT:0 header (or in fact anything else that
would be required to support business models for online publishing)
obviates the need for elaborately encoding information such as the
consented-to parties and purposes in the IAB-EU's "daisybit" cookie, and is
far more effective from an implementation, data protection and privacy
protective perspective. The "daisybit" cookie would be complex for the user
agents to decode, restricting their ability to inform users of what parties
were being signalled that they had agreed to, and in addition creates a huge
fingerprinting risk.

Neither of these is a problem with DNT. The IAB-EU "daisybit" could be
simplified (no need for consented-to parties) and conveyed within the DNT: 0
header to the appropriate origins.

On the other hand, the fact that the IAB UL and the AdTech companies
involved have recognised that there is a legal (and I would say a moral)
imperative for an opt-in consent framework is further unmistakable
evidence that browser companies should step up to the plate and fully
implement the DNT Consent API.

Mike

Received on Monday, 26 February 2018 08:16:48 UTC