Privacy/TPWG/Change Proposal Disregarding
TPE Editor's Draft
5.2.8 Disregarding (D)
A tracking status value of D means that the origin server is unable or unwilling to respect a tracking preference received from the requesting user agent. An origin server that sends the D tracking status value must detail within the server's corresponding privacy policy the conditions under which a tracking preference might be disregarded.
For example, an origin server might disregard the DNT field received from specific user agents (or via specific network intermediaries) that are deemed to be non-conforming, might be collecting additional data from specific source network locations due to prior security incidents, or might be compelled to disregard certain DNT requests to comply with a local law, regulation, or order.
NOTE This specification is written with an assumption that the D tracking status value would only be used in situations that can be adequately described to users as an exception to normal behavior. If this turns out not to be the case, either the server's decision to send the D signal needs re-examination, or this specification, or both.
TCS Editor's Draft
A third party to a given user action that disregards a DNT signal must indicate so to the user agent, using the response mechanism defined in the [TRACKING-DNT] recommendation.
New text proposals
Proposal 1: Information Requirement
By Rob van Eijk and Mike O'Neill
A party MUST provide information in its privacy policy listing the specific reasons for not honouring the user expression. The party's representation MUST be easy discoverable, clear and unambiguous.
Non normative: In the interests of transparency, and especially if there is more than a single such reason listed in a privacy policy, it is recommended that servers implement the [TRACKING-DNT] “status-id” mechanism so that the particular reason for not honoring the user expression is provided. The Tk response header can contain a status-id field identifying the relevant Tracking Status Resource whose qualifiers property contains a short token representing the particular reason. The User Agent can parse this and communicate the reason to the user.
Proposal 2: Proposed revision from Nick
A party to a given user action that disregards a DNT signal MUST indicate so to the user agent, using the response mechanism defined in the [TRACKING-DNT] recommendation. The party MUST provide information in its privacy policy listing the specific reasons for not honoring the user's expressed preference. The party's representation MUST be clear and easily discoverable.
Non-normative: In the interest of transparency, especially where multiple reasons are listed, a server might use the [TRACKING-DNT] *qualifiers* or *config* properties to indicate a particular reason for disregarding or steps to address the issue. A user agent can parse this response to communicate the reason to the user or direct the user to the relevant section of a privacy policy. This document does not define specific qualifiers for different reasons servers might have for disregarding signals.
Old text proposals
Proposal 2: exception to normal behavior (now merged with proposal 1)
By Mike O'Neill
A third party to a given user action that disregards a DNT signal MUST [indicate its reason for doing] so to the user agent, using the response mechanism defined in the [TRACKING-DNT] recommendation. This specification is written with an assumption that disregarding DNT would only be used in situations that can be adequately described to users as an exception to normal behavior. If this turns out not to be the case, either the server's decision to disregard the signal needs re-examination, or this specification, or both.
Proposal: Do not disregard syntactically valid
Proposal from Jonathan Mayer: email; issue-207
A website MUST NOT disregard a syntactically valid DNT signal.
Example: A website believes that a DNT: 1 signal originates from a noncompliant browser. The website must not disregard the signal. It may request confirmation of the user's preference through an out-of-band consent mechanism.