- From: Rob van Eijk <rob@blaeu.com>
- Date: Sat, 23 Mar 2013 08:37:37 +0100
- To: "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <justin@cdt.org>
- CC: public-tracking@w3.org
- Message-ID: <292a6c40-e552-47b4-9298-c96de9c089d4@email.android.com>
The problem Alex raies is that the pixel technology is not able to talk DNT. Like I said in Berlin when we discussed audience measurement: Nielsen has to innovate. When DNT=1, it has to be meaningful. If your fishnet is not designed to determine whether you have out-of-bad consent, then you shouldn't be fishing. I remain to be very conserned about this discussion. We have seen this discussion going from an possbile exception to now a deferrence of approach. The underlying problem has been the same: the tracking pixels are invisible, and data from non-panel members gets collected under DNT=1. That is not meaningful to me. Rob "Roy T. Fielding" <fielding@gbiv.com> wrote: >On Mar 22, 2013, at 1:39 PM, Justin Brookman wrote: >> On 3/22/2013 3:42 PM, Ronan Heffernan wrote: >>> Responding to a DNT:1 signal with an acknowledgement that a company >follows DNT, and will abide by the restrictions (and permitted uses) >therein, is easy. Responding with real-time lookups of whether OOBC >exists is quite difficult (in many cases impossible), especially for >large-scale systems that use CDNs and other distributed processing, and >systems that do not receive technical information required to perform >OOBC lookups until after some browsing has already happened. >> I just don't understand why these concerns hadn't been raised in the >previous two years of discussions (it is possible they have and I was >paying less attention to TPE, but if they were, they were resolved to >the editors' and chairs' satisfaction). The mandatory response signal >has been in the TPE for some time now. I would like to hear from >others if feedback is effectively impossible for OOB. In which case, >that's an argument that we need should get rid of OOB and require >implementation of the exception mechanism by user agents (something I >had previously been reluctant to do). > >I think Alex raised the issue early on and we simply neglected >to design for it. There do exist systems that only *use* collected >data >in essentially offline batch processing, so it is reasonable for a site >to say "we are collecting data for all transactions but will only >retain >and use data from users identified as having previously given consent". > >I would not suggest using "C" for that. It is a different answer. > >Alternatively, we could just make it part of the "3" definition to >be that DNT:1 data will not be retained (beyond the minimum period >allowed for non-processed raw data) unless agreed to separately by >the user under contract. That would be consistent with prior consent >overriding DNT. > >And, again, whether or not this meets what the user asked by DNT:1 >depends entirely on the definition of Do Not Track. If DNT:1 means >let me browse anonymously, then sites that can't support anonymous >browsing can't comply with DNT. Panel studies should simply >require that members in the panel turn off DNT. > >OTOH, if DNT:1 means do not follow my activity across non-affiliated >sites without my prior consent, then it would be sufficient for >OOB consent sites to implement DNT by stating that the data will be >deleted within X hours if it does not correspond to a user that has >consented. > >....Roy
Received on Saturday, 23 March 2013 07:38:34 UTC