Re: tracking-ISSUE-184 (Walter van Holst): 3rd party dependencies in 1st party content [Tracking Definitions and Compliance] from Roy T. Fielding on 2012-10-24 (public-tracking@w3.org from October 2012)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Wed, 24 Oct 2012 15:56:56 -0700
To: <rob@blaeu.com>
Cc: <public-tracking@w3.org>
Message-Id: <B3BDAAD3-8829-4F66-835D-FCCDC0847875@gbiv.com>

On Oct 24, 2012, at 10:49 AM, Rob van Eijk wrote:

> Tracking Protection Working Group Issue Tracker schreef op 2012-10-24 19:07:
>> tracking-ISSUE-184 (Walter van Holst): 3rd party dependencies in 1st
>> party content [Tracking Definitions and Compliance]
>> 
>> http://www.w3.org/2011/tracking-protection/track/issues/184
>> 
>> Raised by: Walter van Holst
>> On product: Tracking Definitions and Compliance
>> 
>> As anyone that plays around with ad blockers, selective javascript
>> tools, cookie killers and assorted privacy-enhancing browser
>> extensions can attest there is a steady increase of content provided
>> by what under the current text would be a 1st party that cannot be
>> viewed unless content from a 3rd party is also accepted by the UA, be
>> it cookies or javascript.
>> 
>> This raises an interesting situation if we have DNT. For example we
>> have a 1st party that is trusted by the user and also claims to comply
>> to DNT and a 3rd party that is neither. Since the 1st party content is
>> technically dependent on 3rd party content, the user has the choice
>> between either granting consent to the 3rd party in order to have the
>> 1st party function properly or not getting the content at all.
>> 
>> To what extent is such consent informed, genuine and meaningful?
> 
> I would like to add the question the element of free (i.e. freely given): to what extent is such consent freely given.
> 
> (Recital 17 (2002/58/EC): Consent may be given by any appropriate method enabling a freely given, specific and informed  indication of the user’s whishes.)

Hi Rob and Walter,

My understanding of "freely given" is that it is intended to disallow
forced consent, such as when an employer demands that an employee
provide the information or be fired.  The pressure to comply is quite
apparent and is not necessary to provide the service.

In contrast, there is nothing forced about a user making voluntary
requests to a service that is supported by advertising and its
associated data collection practices.  If the user is asked for
consent for such a service and are not externally forced to
provide that consent, then denying the free service if the user
chooses not to consent is fine.  Likewise, denying service to
browsers that disable javascript or fail to show advertising is
not a failure to comply with "freely given".  If that were not true,
then all sites in Europe based on user account services would also
be illegal (e.g., Elsevier).

People do not have a fundamental right to all content being free,
though there are certain sites (e.g., access to essential government
services) for which the "freely given" clause should apply regardless
of DNT.  I don't think we need to address it.

If my understanding is incorrect, please let me know.

....Roy

Received on Wednesday, 24 October 2012 22:57:19 UTC