@kornelski @spinda that doesn't really solve the underlying problem though, it only constrains the problem to the origin (granted, it certainly helps limiting the damage). But, as I understand the GDPR, it is _illegal_ for the UA to leak personal data to the page script in the first place _even to the origin_. If the page extracts data from the `:visited` link database without my consent (illegally) then the UA is liable. I don't see why it matters from a legal POV that the origin _could_ have recorded that data itself (illegally) through other means. -- GitHub Notification of comment by MatsPalmgren Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/3012#issuecomment-412604347 using your GitHub accountReceived on Monday, 13 August 2018 17:46:52 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:41:35 UTC