- From: Mats Palmgren via GitHub <sysbot+gh@w3.org>
- Date: Mon, 13 Aug 2018 17:46:50 +0000
- To: public-css-archive@w3.org
@kornelski @spinda that doesn't really solve the underlying problem though, it only constrains the problem to the origin (granted, it certainly helps limiting the damage). But, as I understand the GDPR, it is _illegal_ for the UA to leak personal data to the page script in the first place _even to the origin_. If the page extracts data from the `:visited` link database without my consent (illegally) then the UA is liable. I don't see why it matters from a legal POV that the origin _could_ have recorded that data itself (illegally) through other means. -- GitHub Notification of comment by MatsPalmgren Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/3012#issuecomment-412604347 using your GitHub account
Received on Monday, 13 August 2018 17:46:52 UTC