Update Explainer to add new 6.4 (Consent to Track Notwithstanding a Universal GPC Signal)

[j-br0]

Added new section 6.4 to address #80 on when separate consent to track can override GPC.

[bvandersloot-mozilla]

Am improvement, particularly with the paragraph about bombarding users with consent prompts

[jyasskin]

I think it would still be useful to also say something very short in the normative spec itself, but this is good text for the explainer.

[j-br0]

I think it would still be useful to also say something very short in the normative spec itself, but this is good text for the explainer.

Any recommendation on where that should be? Maybe a sentence or two in 5.3 (maybe in lieu of some of the existing language in the second half of that section which is largely duplicative of what's now in the explainer)?

[jyasskin]

It ought to be somewhere in the definition of the meaning of the Sec-GPC header. That's in 3.3:

The Sec-GPC header field is a mechanism for expressing the person's preference for a do-not-sell-or-share interaction in an HTTP request (for any request method).

which refers to section 2:

A do-not-sell-or-share interaction is an interaction with a website in which the person is requesting that their data not be sold to or shared with any party other than the one the person intends to interact with, or to have their data used for cross-site ad targeting, except as permitted by law.

A possible change could be "... except as permitted by law or specifically arranged between the person and the website."?

[rinchen]

These changes look good to me. I don't have any opinions on Jeffrey's comment but the suggested wording looks good to me.

[martinthomson]

grammar is hard. "company requests" seemed a bit off to me.