tracking-ISSUE-143 (Reciprocal Consent): Activating a Tracking Preference must require explicit, informed consent from a user [Tracking Preference Expression (DNT)] from Tracking Protection Working Group Issue Tracker on 2012-04-25 (public-tracking@w3.org from April 2012)

From: Tracking Protection Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Wed, 25 Apr 2012 21:54:26 +0000
To: public-tracking@w3.org
Message-Id: <E1SNAAM-0007AY-0c@tibor.w3.org>

tracking-ISSUE-143 (Reciprocal Consent): Activating a Tracking Preference must require explicit, informed consent from a user [Tracking Preference Expression (DNT)]

http://www.w3.org/2011/tracking-protection/track/issues/143

Raised by: Shane Wiley
On product: Tracking Preference Expression (DNT)

As we've developed draft text for obtaining explicit, informed consent from a user for out-of-bound user granted exceptions, it's equally important that activation of a tracking preference be coupled with the same explicit, informed consent.

For example, activating a tracking preference should require explicit language identifying this as an option and informing the user of the scope of the option's application.

For example, an security software package should NOT activate DNT by default (with an explanation buried deeply in their TOS or help center) and the user must explicitly select this option upon install/use of the product.

Using this same test, I don't believe there is "explicit, informed" consent from users activating DNT within IE9's Traffic Protection Lists and this should be called out when a TPL is activated.

To further support this view, much like response headers allow a party to respond to articulate when they've received out-of-band consent, I request that a similar element be added to request headers.  In this model, a new data element would need to be added (perhaps in the extension) for a party to articulate that they have captured a user's consent to activate DNT and identify themselves in this manner as the "capturee" of the consent.  It'll be vital that web browser vendors lock down the ability for a 3rd party tool or extension to mimic their signature in this process and only allow 3rd party tools to activate DNT on a user's behalf by articulating who they are.

This way, if industry feels a party is inappropriately setting a tracking preference, we can take steps to discover which headers are coming from this party and take steps to request the party move to an "explicit, informed" consent model prior to honoring the DNT headers coming from the implementation of their tool.

Received on Wednesday, 25 April 2012 21:54:28 UTC