- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Wed, 20 Jul 2022 10:22:16 +0100
- To: Mark Lizar <mark@openconsent.com>
- Cc: "public-dpvcg@w3.org" <public-dpvcg@w3.org>
Hi. Replies are inline. On 20/07/2022 05:57, Mark Lizar wrote: >> On 19/07/2022 13:14, Mark Lizar wrote: > > In Canada we have something in legislation called meaningful consent. Meaningful consent, and evidence of this, is what is required to make a proof of consent digitally in our impementation. So this would be defined in a Canada specific extension similar to the GDPR Explicit consent term. The intention of defining these terms is to enable representing their use in some context, i.e. the consent obtained or notice shown was intended for X type of consent where X can be any of (informed, freely given, explicit, meaningful, etc.). > > In our implementation, how consent is defined is human centric not data protection centric, > This maps to implied consent being a reference to a legal justification other than consent, e.g. for a legal obligation, best interests of the PII Principal, or in the Public Interest. A contract is an agreement which we have taken great pain to pull apart from privacy, which has been enabled by the GPDR, which defined the 6 legal justification. > > Implicit consent standardized and codified (not just explicit consent - which is defined in data protection law) is a technical opportunity to stream line interaction with a code of practice / conduct. But the DPV currently indicates that its is the Controller that defines purpose, and this is not always the case. (And it shouldn’t be) If you have additional states / terms that are non-normative i.e. do not have a source, then you can define them in a separate specification / extension and propose their inclusion. >>>> On Jul 15, 2022, at 7:07 PM, Harshvardhan J. Pandit<me@harshp.com> wrote: >>>> >>>> >>>> **New Concepts** >>>> >>>> 1. ConsentRecord subtype of DataProcessingRecords >>>> 2. ConsentStatus subtype of Status, with subtypes Unknown, Requested, Refused, >>>> Given, Expired, Invalidated, Revoked, Reaffirmed >>>> 3. ConsentExpression with subtypes UninformedConsent, and InformedConsent - which >>>> has more subtypes as ImpliedConsent, and ExpressedConsent - which has more >>>> subtypes as ExplicitlyExpressedConsent. >>> # 3 seems very complicated - >> Not complicated enough - it doesn't include Freely Given, Unambigious, etc ... But we'd add these in DPV-GDPR. > - what do you think the reference “freely given” actually refers too? GDPR Recital 43 >>> From the human centric perspective everything can be interpreted as sometype of consent . >> We're scoping ourselves to data protection / privacy laws and terms for the group. > then your not scoping consent . Your scoping consent for the data protector (not the human consent controller) which is where the DPV should note this limitation. . You are correct. We're NOT considering consent in the broad sociological or philosophical sense. We're limiting the scope of this work to that aligned with data protection / privacy laws and norms. -- --- Harshvardhan J. Pandit, Ph.D Research Fellow ADAPT Centre, Trinity College Dublin https://harshp.com/
Received on Wednesday, 20 July 2022 09:22:45 UTC