Copyright ©2003 W3C® (MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply.
The Consent Choices task force will consider the creation of a mechanism
that will allow web sites to indicate a set of practices to which opt-in or
opt-out choices may be applied as a group. This document describes a draft
proposal how to group consent choices. The basic idea we propose is to add a
<CONSENT-GROUP id="somename">
extension to the
<STATEMENT>
where all statements with the same consent-id
can only be opted in or out together. The numbering of the sections is the
corresponding numbering of the P3P 1.0 Specification.
This is an editors' draft with no standing.
This document describes statement extensions that aim at grouping consent.
This is the output of the P3P 1.1 Working Group on Consent Choices (CC). The
only change we propose is to add an extension sub-element that can contain an
ID of a consent group.
Editor's Note: I am not sure how we want to specify P3P 1.1. I see two
choices:
Since I feel that the latter is nicer for the readers, I temporarily opted for this approach, i.e., Section 3.3 is a copy from P3P where I've marked all P3P 1.1 extensions in red.
[here go the other sub-chapters of the P3P 1.0 spec]
All statements that contain the same id
in their
consent-group extensions belong together. This means that either all elements
with required="opt-in"
or with required="opt-out"
can only be opted together. A user may not be allowed by the recipient to opt
for a subset of these elements.
<CONSENT-GROUP>
<EXTENSION>
subelement of a
<STATEMENT>
. This element that identifies a consent
group. Each statement MUST have at most one consent-group extension. A
statement with a consent-group extension MUST have only opt-in or
opt-out elements.id
[xx] | cg-extension |
= |
"<EXTENSION> <CONSENT-GROUP id=" quotedstring "> </EXTENSION>" |
For example, an enterprise allows to choose whether your phone and email can be used by yourself for marketing. However, once you allow your data to be used for marketing by itself, the collector requires that you allow it to forward the data to third parties for telemarketing as well.
<STATEMENT> <EXTENSION> <CONSENT-GROUP id="marketing"> </EXTENSION> <PURPOSE><contact required="opt-in"/></PURPOSE> <RECIPIENT><ours required="opt-in"></RECIPIENT> <DATA-GROUP> <DATA ref="#user.business-info.telecom.telephone" optional="yes"/> <DATA ref="#user.home-info.online.email" optional="yes"/> </DATA-GROUP> </STATEMENT> <STATEMENT> <EXTENSION> <CONSENT-GROUP id="marketing"> </EXTENSION> <PURPOSE><telemarketing required="opt-in"/></PURPOSE> <RECIPIENT><other-recipient required="opt-in"></RECIPIENT> <DATA-GROUP> <DATA ref="#user.business-info.telecom.telephone" optional="yes"/> <DATA ref="#user.home-info.online.email" optional="yes"/> </DATA-GROUP> </STATEMENT>