Open jasonanovak opened 5 years ago
The TPE already says https://www.w3.org/TR/tracking-dnt/#status-checks-not-tracked that cookies should be sent in the TSR request so that the server can determine the current tracking status, and as they are there they the server can also use them to recall the purposes explained and agreed to when consent was given. The TPE requires that web activity gleaned from the incoming TSR request has to be discarded, whether DNT is 1 or 0, and cookies MUST never be placed by the response.
I have changed the paragraph to reference the TPE and added a reference to the DNT extension as potentially a more reliable method than cookies.
In the July 23, 2018 Editor's Draft of Tracking Preference Expression (DNT)- Purposes Extension Addendum, the Introduction says:
Why are cookie headers in the request before the actual TSR as that, to me, seems to allow for tracking before consent.