w3c / dnt

Archive of DNT deliverables
https://www.w3.org/TR/tracking-dnt/

Standard way to convey to users what they agree to when they consent to tracking #35

Closed aleecia closed 7 years ago

aleecia commented 7 years ago

With no standard compliance spec to set a minimum bar, a very common use case for all UIs will be to find a way to present text to users describing what they consent to when users agree to tracking. A standard hook to do this is both useful and necessary to ensure usability in practice, and to address the gaping hole left by shooting the compliance spec. Of course, this also supports US law (AB 370), as well as likely EU law.

Specifically, I propose changes to section 6.5.8, Policy Property, as follows:

  1. Change from MAY to SHOULD provide a policy property.
  2. Either: a. Specify that while the exact details are out of spec, the Policy Property SHOULD inform users of what changes between DNT:0 and DNT:1, or b. Extend to have two different policy properties, one for DNT:0 and the other for DNT:1. (I suspect a is easier for users, and b is easier for implementors. I imagine others will have opinions as to which is better.)
  3. Additionally, add the following text: User agents implementing Do Not Track SHOULD present this information to users when asking them to make decisions about tracking.

Of note: this leaves all text in the hands of the companies of how to describe things. It only requires that they do so (as with AB 370) and that they do so in a way that user agents can hook into to make DNT at all usable in practice. This is a mighty low bar.
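The user-agent side of this proposal, as an added illustration that is not part of the issue or the DNT deliverables: a helper that reads a tracking status resource (TSR) and returns the policy reference to show the user before they choose DNT:0 or DNT:1. It accepts the existing `policy` member and, for variant (b), the hypothetical split members `policy-dnt0` and `policy-dnt1` (names assumed here, not defined by the spec); the sample TSR and the site URL are constructed.

```python
import json
from urllib.parse import urljoin

# Constructed sample TSR for illustration; not from the specification or the issue.
SAMPLE_TSR = json.dumps({"tracking": "T", "policy": "/privacy#dnt"})

# Hypothetical member names for proposal variant (b); the DNT spec defines only "policy".
SPLIT_POLICY_MEMBERS = {"0": "policy-dnt0", "1": "policy-dnt1"}

# Well-known location of the TSR; relative policy references resolve against it.
WELL_KNOWN_TSR = "https://example.com/.well-known/dnt/"


def policy_for_consent(tsr_text, dnt_value, tsr_url=WELL_KNOWN_TSR):
    """Return the absolute policy URL a user agent should present when asking
    the user to send DNT:<dnt_value>, or None when the site offers nothing.

    A per-value member (variant b) wins over the single "policy" member
    (variant a). None is exactly the gap the issue describes: with "policy"
    only a MAY, the UA may have no text at all to attach to its prompt.
    """
    if dnt_value not in SPLIT_POLICY_MEMBERS:
        raise ValueError("DNT value must be '0' or '1'")
    tsr = json.loads(tsr_text)
    if not isinstance(tsr, dict) or "tracking" not in tsr:
        raise ValueError("not a tracking status resource: missing 'tracking' member")
    ref = tsr.get(SPLIT_POLICY_MEMBERS[dnt_value]) or tsr.get("policy")
    if not isinstance(ref, str) or not ref.strip():
        return None
    # The member is a URI reference, so resolve it against the TSR location.
    return urljoin(tsr_url, ref.strip())


if __name__ == "__main__":
    for value in ("0", "1"):
        print(f"DNT:{value} ->", policy_for_consent(SAMPLE_TSR, value))
```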

royfielding commented 7 years ago

The main problem here is that the policy property is intended to refer to the site's privacy policy, which might be quite a bit larger than what you would want to display. I have added some clarification about describing the difference between DNT:0 and DNT:1 in commit 9cf7034c4920aa943b9d6646d7ab27856757092f.

Aside from the usual spec requirement that examples not reflect real companies, it seems that the examples all presume a policy document that is tailored for user agent display. Since that is not what we defined for policy, I am going to remove the example section for now (at least until we have more time to review and decide what makes sense here). After all, we are supposed to be encouraging people to define and reference compliance regimes, which makes the policy machine-readable.