privacycg / storage-access

The Storage Access API
https://privacycg.github.io/storage-access/

FeaturePolicy type header so top level site can ask for maximum privacy implementation #56

Closed michael-oneill closed 3 years ago

michael-oneill commented 3 years ago

It would be useful for sites to ask browsers (via a response header) for a maximum privacy implementation by browsers for their embedded third parties' access to storage.
Some browsers may not default to prompting for all storage access requests, and sites may have to take further action if they are made aware of that. This is so sites can rely on browsers to implement consent prompts for third-party storage access so top level sites do not have to, as they do under GDPR/ePrivacy. It could also be a way for sites to ensure they are respecting a user's opt-out, either via the site UI or a browser/device setting as implied by the CCPA AG regulations. This could also help remove the need for cookie consent banners in Europe. A corollary could be a request header that indicates the current privacy mode. A top-level site would know that a browser instance will prompt the user for storage access if this request header is present.

johannhof commented 3 years ago

This is a dupe of #12, no? @michael-oneill

annevk commented 3 years ago

That would depend on how we do the integration I think.

michael-oneill commented 3 years ago

A response header would let sites communicate to the browser that they rely on maximum protection from third-party requests for storage, as they have no control over a third-party other than not to render it. If sites could rely on browsers to implement data protection measures they do not have to do it. The corollary is important also because sites would need a positive indication that the measures were in place.

johannhof commented 3 years ago

Closed by #78