- From: Kimon Zorbas <vp@iabeurope.eu>
- Date: Wed, 22 Feb 2012 08:19:28 +0000
- To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- CC: Amy Colando <acolando@microsoft.com>
Hi Rigo, I am not sure we should delve into legal terms, working on a technical standard. While at high level this might be correct for the EU level Directive, we have 27 versions of data controller (Data Protection in EU not being harmonized, with differing definitions across the EU) and also we currently have a proposal to revise the 95/46/EC Data protection Directive and don't know how processors position might change and fit with what you proposed. Kind regards, Kimon Zorbas Vice President IAB Europe On 22/02/12 09:08, "Rigo Wenning" <rigo@w3.org> wrote: >Hi Amy, > >interesting definition. Would you mind that we add a footnote explaining >that >for a EU context this would just be the data-controller? > >The definition is: >'controller' shall mean the natural or legal person, public authority, >agency >or any other body which alone or jointly with others determines the >purposes >and means of the processing of personal data; where the purposes and >means of >processing are determined by national or Community laws or regulations, >the >controller or the specific criteria for his nomination may be designated >by >national or Community law; > >the notion of control in your definition fits well IMHO, so people would >understand that we intended no big split here. The footnote would make >clear >that we considered the question at creation-time. > >The edges where your definition splits from "data controller" are with >the >pure co-branding exercise as here the decree of control is lesser and >lesser. > >An evil definition, as the romans would have done, would use the human >weakness to define the borders: >A processing is considered first party processing as long as the natural >or >legal person, public authority, agency or any other body is taking >liability >for any mistakes concerning that processing. > >Best, > >Rigo > >On Wednesday 22 February 2012 00:42:51 Amy Colando wrote: >> Per the Action 124, here's a proposed First Party definition that I have >> worked on with Shane and Ted: >> >> A First Party is the entity that owns the Web site or has Control over >>the >> Web site the consumer visits. A First Party also includes the owner of a >> widget, search box or similar service with which a consumer interacts, >>even >> if such First Party does not own or have Control over the Web site where >> the widget or services are displayed to the consumer. >> >> A First Party includes Affiliates of that First Party, but only to the >> extent that the Affiliate is (1) an entity that Controls, is Controlled >> by, or us under common Control with, the First Party; or (2) an entity >> where the relationship to the First Party is clear to consumers through >> co-branding or similar means. >> >> A First Party must make reasonable efforts to disclose, in a manner >>easily >> discoverable by Users, its ownership or Control of a site or service, >>such >> as through branding on the site or service, disclosures in the privacy >> policy or terms of use linked to that site or service, or .... >> >> Control of an entity means that one entity (1) is under significant >>common >> ownership or operational control of the other entity, or (2) has the >>power >> to exercise a controlling influence over the management or policies of >>the >> other entity. In addition, for an entity to be under the Control of >> another entity and be treated as a First Party under this standard, the >> entity must also adhere to DNT standard in this specification. >> > >
Received on Wednesday, 22 February 2012 08:20:11 UTC