issue-170 from Mike O'Neill on 2014-06-05 (public-tracking@w3.org from June 2014)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 5 Jun 2014 13:01:48 +0100
To: "Ninja Marnau" <ninja@w3.org>
Cc: "'Matthias Schunter $Intel Corporation$'" <mts-std@schunter.org>, <public-tracking@w3.org>, "'Jack Hobaugh'" <jack@networkadvertising.org>, "'David Singer'" <singer@apple.com>, "Rigo Wenning" <rigo@w3.org>
Message-ID: <0a1101cf80b5$f0d301b0$d2790510$@baycloud.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ninja, 

Following David's comment and Justin's in the call I would like to remove the statement about DNT: 0 ("If a 1st Party receives a request with DNT:0.."), I agree this would be better in section 5 User-Granted Exceptions. I will propose a new sentence in the next couple days to go into section 5 addressing Rigo's point about DNT:0 acting as a e-privacy consent signal for 1st parties.

Proposal 2 should now just read:

If a 1st Party receives a request with DNT:1 set then data regarding or identifying the user initiating the request MUST NOT be shared between Parties outside the context of the request, other than between the 1st Party and its service providers or for permitted uses as defined within this recommendation. A 1st Party MAY elect further restrictions on the collection or use of such data.

Mike

> -----Original Message-----
> From: David Singer [mailto:singer@apple.com]
> Sent: 04 June 2014 17:06
> To: Mike O'Neill
> Cc: Matthias Schunter (Intel Corporation); public-tracking@w3.org; Jack
> Hobaugh
> Subject: Re: issue-170
> 
> 
> On Jun 4, 2014, at 5:38 , Mike O'Neill <michael.oneill@btinternet.com> wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi Matthias,
> >
> > My emails are a bit late as I am having problems sending emails from my usual
> account.
> >
> > How about the following, allowing for a general preference to be covered by
> the MAY, but still contingent on a clear explanation if resulting from a UGE.
> >
> > If a 1st Party receives a request with DNT:0 set then data regarding the user
> MAY be used or shared but, if the header signal resulted from an explicitly-
> granted exception, only for the purposes that were clearly and comprehensively
> explained when the exception was granted.
> 
> No, you are mixing in language that, if we were to agree to it, would go into the
> section on granting exceptions, not on the handling of DNT:0.
> 
> 
> >
> > Mike
> >
> >
> >> -----Original Message-----
> >> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
> >> Sent: 04 June 2014 13:20
> >> To: public-tracking@w3.org
> >> Subject: Re: issue-170
> >>
> >> Hi Mike,
> >>
> >>
> >> I believe Jack has a valid point:
> >> - If a site receives "DNT;0", then determining whether this was
> >> triggered by a UGE or set as a general preference is difficult (or even
> >> impossible in general).
> >>
> >> To mitigate this concern, one option would be to outline an _efficient_
> >> way how a site can decide whether DNT;0 was UGE or general preference.
> >> An alternative would be to relax your requirement and say
> >>> If a 1st Party receives a request with DNT:1 set then data regarding or
> >> identifying the user initiating the request MUST NOT be shared between
> Parties
> >> outside the context of the request, other than between the 1st Party and its
> >> service providers or for permitted uses as defined within this
> recommendation. A
> >> 1st Party MAY elect further restrictions on the collection or use of such data.
> >>>
> >>> If a 1st Party receives a request with DNT:0 set then data regarding the user
> >> MAY be used or shared but only for the purposes that were clearly and
> >> comprehensively explained when the exception was granted.
> >> (The only change I made is the removal of the constraint "If, as a
> >> result of an explicitly-granted exception, ".)
> >>
> >>
> >> Opinions?
> >>
> >>
> >> matthias
> >>
> >> Am 04.06.2014 13:43, schrieb Mike O'Neill:
> >>> Hi Jack,
> >>>
> >>> Your are right a DNT:0 could be set as a general preference but the
> >>> proposal as it stands is silent on that. It only says a first party
> >>> must not share if DNT:1 (though it may elect for further
> >>> restrictions).  If a DNT:0 is received which was not a result of a UGE
> >>> then the default case would be the same if DNT was unset, unless
> >>> overridden by local law or voluntary further restrictions but IMO we
> >>> do not need to open that can.
> >>>
> >>> Mike
> >>>
> >>>
> >>>
> >>
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.13 (MingW32)
> > Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
> > Charset: utf-8
> >
> >
> iQEcBAEBAgAGBQJTjxNAAAoJEHMxUy4uXm2JU7cIAOZ+pl1ue+4dU/u0iBUwV2x
> N
> > LCaGqPm3rwfIJJE2WBitKocePyv+ss6dwxoblQFx2PXHamDkYeq+55YhkxflrGx4
> >
> 6t+Q8+d+HEpQUpw7QNFrxCdPenzaKMUuLvSJwE7LhD4ZcqdIpqY+wJ8//NqmHy1
> 0
> >
> 4k0zP7UYUOGtedDbanIFI2RoGd2WHx+3mc5EXSk/n2N+t4g69b96o/Z1sZewZtNS
> > C0fj5no90TAgjf/TsFraPUvW/woxDJJWAFXSqQFIniKjhZo8tKRPW5Ii1Xd+90FI
> > VjNyM8NpQG8EPe0JSNxXKrv2lp5dVpt9+Grbv1CNh6VhNgCoiiJsiczKN9rJMug=
> > =mD1Y
> > -----END PGP SIGNATURE-----
> >
> >
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJTkFwrAAoJEHMxUy4uXm2JgbEIAKyIDqpQ61JeSrm8nr+4b7vm
ZJYjb6RIvxsfOfnhTKApP+AL5kzkjmZzX/cduKzt/vxgL+R6B+k6SOP+ac/cWxmb
SXGSN5SEchYbx7YibkBIh0QifX/3/jmOOP4B+haF2LgyqgHb9T5DlygDIIKFbAIH
uhLn4VznmcIdryPhSgcjl4b+Q8KWMEqoajj1XAMkQQIqZrsIPpERKKc3KYggd+2/
SdkIin8PyOzaiz+RrmABIq59go1JDrFFEznD7g5NNgPpv6LwIvHiWJAJ/5OtZPNY
wVoMBTuPpDx7nwN8dKlKhmI0rJK5iAi/jnbwTJU9a5lAnw9a5xklfw6Ks5f3Uvw=
=AhWj
-----END PGP SIGNATURE-----
Received on Thursday, 5 June 2014 12:02:35 UTC