- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 23 Aug 2012 13:27:12 -0700
- To: Justin Brookman <jbrookman@cdt.org>
- Cc: public-tracking@w3.org
- Message-Id: <DF7D6973-3033-4477-B1A1-9488ECFA3DD8@gbiv.com>
On Aug 23, 2012, at 6:01 AM, Justin Brookman wrote: > It is inaccurate to say that IE10's implementation is inconsistent witht the spec, as the WG has not chosen an option to define explicit and informed consent. The Windows flow presents information about DNT along with several other options; as an opt-in flow, you could argue that DNT should be called out more prominently, but I have seen a lot worse. > > Please recall that the group previously rejected requiring consent to require distinct permission separate from other information, and you yourself wanted to leave open the possibility that consent could be obtained through a *privacy policy*. So it is certainly an open question whether IE10 meets the explicit and informed consent standard that the spec provides for. No, I said that a privacy policy is not by nature inconsistent with prior consent. It depends how the policy is constructed and presented to the user. In other words, they are orthogonal, whereas you assume that "privacy policy" means some long document elsewhere that is not presented to the user and does not have an affirmative choice option. I also said that prior consent is a state of being, and regulators can and do fine companies when they assume consent that has not actually been granted. None of that should be a surprise. It is sufficient to say "must have prior consent", without any further details whatsoever, because that's how existing laws work. What is missing from the MSIE configuration dialog, given this is a UA installed by default by the operating system and thus not reflective of a user's choice on its own, is an affirmative choice made by the user for a tracking preference to be enabled, and a default (in the absence of choice) as unset. That is obvious. ....Roy
Received on Thursday, 23 August 2012 20:27:25 UTC