Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]

On 6/4/2012 11:52 AM, Dobbs, Brooks wrote:
> I see where there is a requirement that the intermediaries don't inject
> headers, but equally I see a big red capital MUST describing that the
> expression reflect the user's preference.  Both injecting/modifying the
> header or instantiating it (one way or the other) absent a reflection of the
> user's preference seem equally non-compliant.
>
> IMHO it sets a very dangerous precedent (no matter where you side on the
> desirability of high adoption of DNT: 1) to say 1) the specification is
> founded in reflecting preference and, simultaneously, 2) default settings
> can reflect this preference.  Isn't this argued very differently with
> respect to default browser settings implying consent for cookies in the EU?

Dangerous precedent it is indeed, but some jurisdictions (Canada being 
one) are stuck with it for the long haul. The Canadian landscape 
straddles EU and US approaches by a.) requiring consent and b.) 
accepting implicit/opt-out consent. Particularly, in the context of DNT, 
our privacy commissioner has affirmed that implied opt-out consent will 
be the guiding principle.

Where I envision potential problems under Canadian laws (and I imagine 
this might be an issue in comparable non-EU jursdictions as well), is if 
a server is required to ignore a 'DNT-1' designation because it is 
premised on a default user-agent selection and, hence, does not reflect 
a user preference. In this context, it is very difficult to pretend 
there is any form of implied consent to track.

I say this without reflection on the underlying policy choices here (I 
do personally prefer broad DNT-1 adoption, but I understand there has 
been consensus against mandating any default positions), but rather out 
of a genuine interest in how this standard might operate (or not) in Canada.

Best,
Tamir

Received on Monday, 4 June 2012 19:30:55 UTC