- From: Georg Philip Krog <georg@signatu.com>
- Date: Wed, 10 Jun 2020 11:08:25 +0200
- To: "Harshvardhan J. Pandit" <me@harshp.com>
- Cc: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
- Message-ID: <CAPOUEwn7bLm9DKyew+7GuEiNkiDitxoV4GquXAEcEBsaWcEKFg@mail.gmail.com>
Thanks for this Harsh! W3C should be careful not to develop a standard that would depend on a license permission from ISO. Speaking for myself and for Signatu: I would be hesitant to contribute to a standard that I afterwards would have to pay to use ... Best regards, Georg On Tue, Jun 9, 2020 at 4:40 PM Harshvardhan J. Pandit <me@harshp.com> wrote: > Dear All, > > ISO/IEC 29184 concerns "content and the structure of online privacy > notices as well as the process of asking for consent to collect and > process personally identifiable information (PII) from PII Principals" > https://www.iso.org/standard/70331.html > > Some preliminary observations: > 1) It uses ISO/IEC terminology, specifically that from ISO/IEC 24760 > 2) It concerns notices shown during consent interactions online > 3) Involves terminology regarding purposes, processing, etc. without > specification to any individual laws/regulations > 4) Provides a description of workflow/dataflow/processes involved in the > online notice-and-consent mechanism ; including changes to it > 5) Annex A contains examples of interfaces > 6) Annex B provides example of consent receipt > > I *strongly* propose incorporating the standard and its implications > within the DPVCG - in particular for DPV and establishing how it can > best provide vocabularies compatible with the standard. > > Regards, > > -- > --- > Harshvardhan Pandit, Ph.D > Researcher at ADAPT Centre, Trinity College Dublin > https://harshp.com/research/ > > -- Georg Philip Krog signatu <https://signatu.com>
Received on Wednesday, 10 June 2020 09:12:59 UTC