- From: David Singer <singer@apple.com>
- Date: Wed, 04 Jun 2014 09:05:38 -0700
- To: Mike O'Neill <michael.oneill@btinternet.com>
- Cc: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, public-tracking@w3.org, Jack Hobaugh <jack@networkadvertising.org>
On Jun 4, 2014, at 5:38 , Mike O'Neill <michael.oneill@btinternet.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Matthias, > > My emails are a bit late as I am having problems sending emails from my usual account. > > How about the following, allowing for a general preference to be covered by the MAY, but still contingent on a clear explanation if resulting from a UGE. > > If a 1st Party receives a request with DNT:0 set then data regarding the user MAY be used or shared but, if the header signal resulted from an explicitly-granted exception, only for the purposes that were clearly and comprehensively explained when the exception was granted. No, you are mixing in language that, if we were to agree to it, would go into the section on granting exceptions, not on the handling of DNT:0. > > Mike > > >> -----Original Message----- >> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org] >> Sent: 04 June 2014 13:20 >> To: public-tracking@w3.org >> Subject: Re: issue-170 >> >> Hi Mike, >> >> >> I believe Jack has a valid point: >> - If a site receives "DNT;0", then determining whether this was >> triggered by a UGE or set as a general preference is difficult (or even >> impossible in general). >> >> To mitigate this concern, one option would be to outline an _efficient_ >> way how a site can decide whether DNT;0 was UGE or general preference. >> An alternative would be to relax your requirement and say >>> If a 1st Party receives a request with DNT:1 set then data regarding or >> identifying the user initiating the request MUST NOT be shared between Parties >> outside the context of the request, other than between the 1st Party and its >> service providers or for permitted uses as defined within this recommendation. A >> 1st Party MAY elect further restrictions on the collection or use of such data. >>> >>> If a 1st Party receives a request with DNT:0 set then data regarding the user >> MAY be used or shared but only for the purposes that were clearly and >> comprehensively explained when the exception was granted. >> (The only change I made is the removal of the constraint "If, as a >> result of an explicitly-granted exception, ".) >> >> >> Opinions? >> >> >> matthias >> >> Am 04.06.2014 13:43, schrieb Mike O'Neill: >>> Hi Jack, >>> >>> Your are right a DNT:0 could be set as a general preference but the >>> proposal as it stands is silent on that. It only says a first party >>> must not share if DNT:1 (though it may elect for further >>> restrictions). If a DNT:0 is received which was not a result of a UGE >>> then the default case would be the same if DNT was unset, unless >>> overridden by local law or voluntary further restrictions but IMO we >>> do not need to open that can. >>> >>> Mike >>> >>> >>> >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.13 (MingW32) > Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/ > Charset: utf-8 > > iQEcBAEBAgAGBQJTjxNAAAoJEHMxUy4uXm2JU7cIAOZ+pl1ue+4dU/u0iBUwV2xN > LCaGqPm3rwfIJJE2WBitKocePyv+ss6dwxoblQFx2PXHamDkYeq+55YhkxflrGx4 > 6t+Q8+d+HEpQUpw7QNFrxCdPenzaKMUuLvSJwE7LhD4ZcqdIpqY+wJ8//NqmHy10 > 4k0zP7UYUOGtedDbanIFI2RoGd2WHx+3mc5EXSk/n2N+t4g69b96o/Z1sZewZtNS > C0fj5no90TAgjf/TsFraPUvW/woxDJJWAFXSqQFIniKjhZo8tKRPW5Ii1Xd+90FI > VjNyM8NpQG8EPe0JSNxXKrv2lp5dVpt9+Grbv1CNh6VhNgCoiiJsiczKN9rJMug= > =mD1Y > -----END PGP SIGNATURE----- > > David Singer Manager, Software Standards, Apple Inc.
Received on Wednesday, 4 June 2014 16:06:08 UTC