- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Tue, 9 Apr 2019 13:10:08 +0100
- To: Eva Schlehahn <uld67@datenschutzzentrum.de>, Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
Hi Eva.
On 09/04/2019 12:51, Eva Schlehahn wrote:
> So my compromise suggestion is now: Instead of acknowledging the two
> different cases by naming them 'explicit' and 'regular' consent, we
> could rather call them 'explicit' and 'non-explicit' consent. Problem
> solved! :)
Okay. So our terms will be -

A6(1)(a)-non-explicit-consent
    legal basis where valid explicit consent is NOT required
A6(1)(a)-explicit-consent
    legal basis where valid explicit consent IS required

as not -

A6(1)(a)
    legal basis where valid consent is required
A6(1)(a)-explicit-consent
    legal basis where valid explicit consent is required
> One additional comment with regard to Art. 22 para 2 (c) and Art. 49
> para. 1 (a) GDPR - these are NOT legal bases on their own! Rather, they
> describe situations where e.g. consent based on Art. 6 para 1 (a) is
> possible, but which trigger the additional condition that it needs to be
> the explicit version of this consent.
I'm curious - why is A9(2)(a) treated as a legal basis but not A22(2)(c)
and A49(1)(a)?
Doesn't A9 also state conditions where the explicit version of consent
in A6(1)(a) is needed? i.e. use of special categories of personal data.
In my mind, I'm seeing this as -
------------------------------------------------------------------------
consent for:    legal basis    special case              legal basis
------------------------------------------------------------------------
personal data   A6(1)(a)       special categories        A9(2)(a)
------------------------------------------------------------------------
data transfer   A6(1)(a)       third country transfer    A49(1)(a)
------------------------------------------------------------------------
Of course there are more conditions to A49 such as safeguards etc.
--
---
Harshvardhan Pandit
PhD Researcher
ADAPT Centre
Trinity College Dublin
Received on Tuesday, 9 April 2019 12:11:15 UTC