- From: Shane M Wiley <wileys@oath.com>
- Date: Mon, 23 Oct 2017 08:36:41 -0700
- To: Peter Cranstone <peter.cranstone@3phealth.com>
- Cc: "public-tracking-comments w3.org" <public-tracking-comments@w3.org>
- Message-ID: <CAEwb2ymhyUkOD5PD3DWCdwWVhgBbGZ+P_UnGZLKEL6N_5x0bxA@mail.gmail.com>
Peter, We have discussed revocation and this is captured in the TPE. It's the same path as setting an exception (UGE) in reverse. The devil in the detail will be how Publishers make this available to users such that is meets the parity requirement (UX is not defined by the TPE). - Shane On Mon, Oct 23, 2017 at 7:32 AM, Peter Cranstone < peter.cranstone@3phealth.com> wrote: > Some very important reading for privacy folks… > > The official e-privacy draft document showing the original Commission > draft alongside the agreed Parliament amendments. link > <http://www.europarl.europa.eu/sed/doc/news/flash/20215/A8-0324_2017_EN.docx> > > I would suggest doing a search for the word ‘consent’ and then reading the > latest amendments. The one on page 26 is particularly revealing. I’ve > copied it into this email below and left the formatting intact from the > original document, only to highlighting words in red to draw your attention > to them. > > (23) The principles of data protection by design and by default *are* > codified under Article 25 of Regulation (EU) 2016/679. Currently, the > default settings for cookies are set in most current browsers to ‘accept > all cookies’. Therefore providers of software *permitting electronic > communications (such as browsers, operating systems and communication > apps), irrespective of whether the software is obtained separately or > bundled with hardware, shall* configure the software so that *privacy is > protected, the cross- domain tracking and the* storing *of* information > on the terminal equipment * by* third *parties is prohibited by default*. *In > addition, providers of such software are required to offer sufficiently > granular options to consent to each distinct category of purposes. These > distinct categories include, at least, the following categories: (i) > tracking for commercial purposes or for direct marketing for non-commercial > purposes (behavioural advertising); (ii) tracking for personalised content; > (iii) tracking for analytical purposes; (iv) tracking of location data; (v) > providing personal data to third parties (including providing unique > identifiers to match with personal data held by third parties) No consent > is required for information that is collected from* end-users*’ terminal > equipment when it is strictly necessary for providing an information > society service requested by the end-user,* for example *in order to > adapt the screen size to the device, or to remember items in a shopping > basket. Web browsers, operating systems and communication apps should allow > the **end-user to consent to* cookies *or other information that is > stored on, or read from terminal equipment (including the browser on that > equipment*) *by a specific website or originator even when the general > settings prevent the interference and vice versa. With regard to a specific > party, web browsers and communication apps should also allow users to > separately consent to internet-wide tracking. Privacy settings should also > include options to allow the user to decide* for example, *whether > multimedia players, interactive programming language viewers, or similar > software can be executed, if a website can collect geo-location data from > the user, or if it can access specific hardware such as a webcam or > microphone*. Such privacy settings should be presented in an easily > visible and intelligible manner*, and at the moment of installation or > first use, users should be informed about the possibility to change the > default privacy settings among the various options*. *Information > provided should not dissuade users from selecting higher privacy settings > and should include relevant information about the risks associated to > allowing cross-domain trackers, including the compilation of long-term > records of individuals’ browsing histories and the use of such records to > send targeted advertising or sharing with more third parties. Software > manufacturers should be required to provide easy ways for users to change > the privacy settings at any time during use and to allow the user to make > exceptions for or to specify for such services websites trackers and > cookies are always or never allowed.* > > > DNT is going to need extensions and UGE database with a UI to be even > remotely viable as a privacy protocol for the Internet. And we haven’t even > discussed revocation of consent yet. Which is also going to be legally > binding like consent. > > > Peter > > Peter Cranstone > CEO, 3PHealth > > COMS: > Mobile/Signal: +1 - <303-246-9954>303-809-7342 <303-246-9954> UTC -6hrs > Skype: cranstone > Website | www.3phealth.com (Healthcare Patient Engagement and Data > Interoperability) > Website | www.3pmobile.com (Privacy by Design Platform for GDPR and > ePrivacy reg.) > > CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files > or previous e-mail messages attached to it may contain information that is > confidential or legally privileged. Any unauthorized review, use, > disclosure or distribution of such information is prohibited. If you are > not the intended recipient, please notify the sender by telephone or return > e-mail and delete the original transmission and its attachments and destroy > any copies thereof. Thank you. > > > -- - Shane Shane Wiley VP, Privacy Oath: A Verizon Company
Received on Monday, 23 October 2017 15:37:08 UTC