First one is about what the user-agent is supposed to do and how it is supposed to do it. Unless, of course, the user-agent is MSIE.
Second one is about what the server or www site is supposed to do and how it is supposed to do it.
If a first party receives a network transaction to which a DNT:1 header is attached, First Parties may engage in their normal collection and use of information. This includes the ability to customize the content, services, and advertising in the context of the first party experience.
The first party must not pass information about this transaction to non-service provider third parties who could not collect the data themselves under this standard.
:: detour here to piwik forums ::
If you use piwik, visits with the 'Dnt' header are ignored unless the visitor is using MSIE. (This is really true. Policy decision.)
:: further detour to my own piwik settings to disable the "Do Not Track" plugin ::
Since the data live(s) on my own site and is/are accessible to nobody else, as far as I am concerned piwik is the "first party". So far, nobody seems to be suggesting that "Dnt" visits be omitted from Apache logs altogether.
If a third-party receives a communication to which a DNT:1 header is attached, that third party MAY nevertheless collect, use, and retain information related to that communication for these permitted uses:
Short term collection and use, where information is not transmitted to a third party or used to profile or personalize a user's experience;
Contextual content or ad delivery; <snip>
Compliance With Local Laws and Public Purposes
As long as there is:
(Psst! Developers! Got a problem there.)
Uhm, wait, so which is it? CAN you personalize ads, or can't you?