Purposes Extension: Cookie Based Consent Mechanisms Don't Work For UAs and Users Who Block 3rd Party Cookies

[jasonanovak]

In the July 23, 2018 Editor's Draft of Tracking Preference Expression (DNT)- Purposes Extension Addendum, the Introduction says:

Although a single boolean, indicating consent/no-consent, can be delivered this way, i.e. site-specifically, via the DNT header there is no way currently to do this similarly for data. HTTP cookies are intrinsically web-wide, once stored they will always be included in resource requests, whether to embedded third-parties or to their first-party websites. This means that if the user has agreed to site-specific tracking, say within a publishers first-party site, the persisted information has to recorded in a first-party cookie and communicated to embedded third-parties within the targeted Url or via a message event. Both these mechanisms would have to be agreed between the parties, would be logistically difficuly to arrange, and are therefore not scaleable.

Rather than focus on the business complexity of a cookie based mechanism, why not focus on the user / web-interopt issue that a cookie based mechanism won’t work for browsers that block third party cookies or the fact that users can configure their browsers to block third party cookies?

[michael-oneill]

I agree, I have changed the focus to more about the cookie blocking issue.