- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Tue, 1 Oct 2013 18:54:06 +0100
- To: "'Rigo Wenning'" <rigo@w3.org>, <public-tracking@w3.org>
- Cc: "'Matthias Schunter \(Intel Corporation\)'" <mts-std@schunter.org>
Matthias, Justin I would also like to have issue-189 (originally raised against global considerations) raised against TCS, in the paragraph about User Granted Exceptions. Text - a new paragraph under the User Granted Exceptions heading A user can specify that certain requests for resources, for example those to a particular set of host domains, contain a different DNT signal than that indicated by the general preference. For example if the DNT general preference is unset or set to DNT:1, certain requests can indicate DNT:0. It is also possible that if the general preference is unset or set to DNT:0, certain requests can indicate DNT:1. Justification. DNT will have a better chance to be accepted as an explicit consent signal if it is also possible for EU based sites to cause a DNT:1 signal to be sent to their embedded third-parties. In Europe no profiling should take place unless consent has been explicitly given. Because there is no necessity for a European citizen visiting the site of a EU based data-controller to set the DNT general preference, it should be assumed that they may not. In this case a server targeted by embedded third-party content (whose controller may not be subject to EU law) may wrongly assume the absence of DNT in this case allows them to collect PII. Extending the UGE to signal DNT:1 in addition to the ability to signal DNT:0 would let EU based sites communicate their more rigorous compliance requirements to unaffiliated third-parties. Their only legal alternative would be not to use non-EU resident third-parties without a service-provider agreement, or to cause such third-party content not to be rendered to users that had not given their explicit consent. There will need to be some minimal changes to the UGE API spec in the TPE and I will document the changes necessary in the next few days (I think I already did somewhere but I will do it again). Mike -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: 30 September 2013 22:06 To: public-tracking@w3.org Cc: Matthias Schunter (Intel Corporation) Subject: Re: Reminder: Deadline for raising issues is October 02 (this Wednesday) Matthias, ISSUE-147 and ISSUE-148 was raised against global considerations. I would like to raise it against TCS now. I think we can close it later. Concrete text proposal would be to add the following paragraph to section 6: Unless otherwise stated, a service receiving a DNT:0 signal from a user can at least collect the following information: - user data and contact data - information needed for stateful interactions, including preferences - clickstream data - payment data - profile data This data can be combined with other data from external sources. The Privacy Policy indicated in TPE 5.4.3 will further explain the currently active data collection and its limitations even in case of a DNT:0 signal. This solves the requirement for having a determined permission within regulated environments. --Rigo On Monday 30 September 2013 22:21:19 Matthias Schunter wrote: > Hi Team, > > > just a friendly reminder. If you have an issue that is not yet on this > list: http://www.w3.org/2011/tracking-protection/track/products/5 > > Feel free to email us including: > - What is the issue you want to be raised? > - Why do you want to raise this issue? > > On October 16, all issues also need to be documented as required by > the plan: > http://www.w3.org/2011/tracking-protection/1309-plan.html > > > Thanks a lot! > > matthias
Received on Tuesday, 1 October 2013 17:54:37 UTC