Standard way to convey to users what they agree to when they consent to tracking #35

Closed
aleecia opened this issue Apr 24, 2017 · 1 comment

aleecia commented Apr 24, 2017

With no standard compliance spec to set a minimum bar, a very common use case for all UIs will be to find a way to present text to users what they consent to when users agree to tracking. A standard hook to do this is both useful and necessary to ensure usability in practice, and address the gaping hole left by shooting the compliance spec. Of course, this also supports US law (AB 370) as well as likely EU law as well.

Specifically, I propose changes to section 6.5.8, Policy Property, as follows:

  1. Change from MAY to SHOULD provide a policy property.
  2. Either:
    a. Specify that while the exact details are out of spec, the Policy Property SHOULD inform users of what changes between DNT:0 and DNT:1, or
    b. Extend to have two different policy properties, one for DNT:0 and the other for DNT:1.
    (I suspect a is easier for users, and b is easier for implementors. I imagine others will have opinions as to which is better.)
  3. Additionally, add the following text: User agents implementing Do Not Track SHOULD present this information to users when asking them to make decisions about tracking.

Of note: this leaves all text in the hands of the companies of how to describe things. It only requires that they do so (as with AB 370) and that they do so in a way that user agents can hook into to make DNT at all usable in practice. This is a mighty low bar.

@royfielding
Collaborator

The main problem here is that the policy property is intended to refer to the site's privacy policy, which might be quite a bit larger than what you would want to display. I have added some clarification about describing the difference between DNT:0 and DNT:1 in commit 9cf7034.

Aside from the usual spec requirement that examples not reflect real companies, it seems that the examples all presume a policy document that is tailored for user agent display. Since that is not what we defined for policy, I am going to remove the example section for now (at least until we have more time to review and decide what makes sense here). After all, we are supposed to be encouraging people to define and reference compliance regimes, which makes the policy machine-readable.

royfielding added a commit that referenced this issue Jul 1, 2017
…ompanies, interpret laws/regulations, and are inconsistent with how property is defined; issue #35
@royfielding royfielding added this to the TPE-CR-Sep-2017 milestone Aug 28, 2017
@royfielding royfielding self-assigned this Aug 28, 2017