Re: tracking-ISSUE-147: Transporting Consent via the Exception / DNT mechanisms [Global Considerations]

On May 15, 2012, at 12:56 AM, Rigo Wenning wrote:

> This is not true. If the origin server has received a DNT;0 header, we also 
> assume that the user has given his/her consent to be tracked. This goes way 
> beyond what would be the situation without header. 

Consent to be tracked means data about their activity can be
collected.  That does not say how it can be used.  The EU regulations,
individual state regulations, and proposed US policies all require
that the consent be contextual/informed (the user knows why it is
being requested and how the data will be used) and that any use or
sharing outside of the established consent/context requires an
additional consent.

In other words, the DNT protocol as currently defined provides no
utility whatsoever to publishers for meeting those regulations
without a separate consent mechanism that details the purpose,
and if we have a separate consent mechanism then we don't need DNT.
Hence, this is now a critical issue.  DNT needs to deal with
data usage purposes or limit its scope to one purpose.

A lot of people (including Rigo) assume that DNT is specific to
advertising.  That simply isn't the case.  It is not true of our
documents, it is not true of the regulations, and it is not true
for the composition of our WG.  If DNT was "Do Not Target Ads",
then it would be true, and I wouldn't be here.  I'll be perfectly
happy to resolve this issue by the WG declaring that all of the
non-OBA uses of tracking are outside the scope of DNT.

Cheers,

....Roy

Received on Tuesday, 15 May 2012 17:58:37 UTC