RE: ACTION-152 - Write up logged-in-means-out-of-band-consent from Justin Brookman on 2012-04-02 (public-tracking@w3.org from April 2012)

From: Justin Brookman <jbrookman@cdt.org>
Date: Mon, 2 Apr 2012 16:45:51 -0400
To: public-tracking@w3.org
Message-ID: <e89ee3e2-03d6-417f-a4e8-86e4d055739a@blur>

JC, I have repeatedly said before I'm fine with social widgets on third-party sites giving me relevant contextual information.  Frankly, I don't care if this use of first-party data in a third-party context is tied to registration/logged-in state or not, but if people want to limit it to registation/logged-in state, whatever.  But while I'm fine with Amazon ephemerally recognizing my presence of a different site to render a contextually-relevant experience for me there, I don't want Amazon to store the fact that I was on that site for my Amazon profile UNLESS I gave them permission to track me pursuant to a clear and prominent prompt.

As for the MyBlogLog (for the Bob Loblaw Law Blog?) example, I don't know the details of the sign-up flow , but it sounds like it was clearly stated to users what the purpose of the product was upon sign-up, so it would meet the test of the language I drafted (I'm assuming users signed up for MyBlogLog independently of other Yahoo! services because they wanted to be included on these reader lists).  HOWEVER, it meets the test not because of the privacy policy or the URI/response header, but because of what was clearly presented to the user during sign up.  I reiterate the point, however, it would not be appropriate for the New York Times of Yahoo! mail to use a ToS to get permission for themselves (or others) to ignore DNT.

Sent via mobile, please excuse curtness and typos

-----Original message-----
From: JC Cannon <jccannon@microsoft.com>
To: Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Sent: Mon, Apr 2, 2012 20:27:46 GMT+00:00
Subject: RE: ACTION-152 - Write up logged-in-means-out-of-band-consent

Justin,

Would you say that today logged in state is irrelevant for Amazon, FB or my bank? Not at all. There is a difference. If I am reading an Amazon-sponsored book review on a third-party site and it indicated that my friend bought the book (because my friend opted in to sharing) I would appreciate that info. I would not like it if I wasn’t logged in and I would like the option to say don’t track me. Your position doesn’t give consumers that flexibility.

JC

From: Justin Brookman [mailto:jbrookman@cdt.org]
Sent: Monday, April 02, 2012 1:01 PM
To: public-tracking@w3.org
Subject: RE: ACTION-152 - Write up logged-in-means-out-of-band-consent

I continue to think that logged-in state should be irrelevant, and that whoever wants to get permission to track despite a DNT signal should have to do so pursuant to clear and prominent notice.

Shane, just so I understand your view of the logged-in/out-of-band consent exception, walk me through how it would apply to Yahoo!  Yahoo! will publicly state that they are W3C/DNT compliant, but for people who register for Yahoo! mail, Yahoo! could reser

Received on Monday, 2 April 2012 20:46:08 UTC