- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Wed, 22 May 2013 21:41:05 +0200
- To: "public-tracking@w3.org" <public-tracking@w3.org>
On 225//13 9:19 PM, JC Cannon wrote: > Under DNT, third parties are not allowed to collect data for > targeting purposes or share data with third parties so any > third-party data used by the first party would have only been > collected when DNT was disabled or absent. Dear J.C., My understanding of the spec (which may be flawed, so bear with me) is that it allows for third-parties to ignore any DNT signal provided that they do not claim to be DNT-compliant. While the current spec allows a first-party to collect data while claiming DNT-compliance, even when appending it with data collected in a third-party quality (with which I disagree, but that is not the issue at hand). So to be slightly more specific about the scenario mentioned in ISSUE-184: Imagine: - News site A claiming to be DNT-compliant, and actually does not collect data at all itself, it also does not directly demand any personal data whatsoever. But... - through some Javascript-Fu, it (possibly inadvertedly) makes its content only available if the UA renders a third-party single-pixel tracker. Or alternatively, it only makes it content available if the third-party receives a DNT:unset or DNT:0 signal. So all parties involved can claim DNT-compliance, even the third-party. It does not provide its content under a DNT:1 signal (what the spec allows for). To me any DNT:0 signal such third-party receives is not freely given consent. To cut a very long story short: if you make your content dependent on third-party content that either is not DNT-compliant or requires a DNT:0 or DNT:unset signal, you cannot in good faith claim to be DNT-compliant unless you use the SAME-PARTY feature. Because from a user-perspective you are acting as the same party. Regards, Walter
Received on Wednesday, 22 May 2013 19:41:34 UTC