- From: Mike O'Neill via GitHub <sysbot+gh@w3.org>
- Date: Fri, 11 Feb 2022 15:09:11 +0000
- To: public-patcg@w3.org
> @michael-oneill If consent remains the basis, the browser could obtain consent for its own processing but the processing of others could prove a challenge in some cases (see TCF). This is completely a side-track, but note that if the browser obtains consent for its own processing and sharing, that would imply that the browser is a controller. Following that path, you quickly reach the point at which the browser would need a legal basis for instance to provide non-essential cookies. I've long said that this is a plausible legal theory under the GDPR, but I think that a legal requirement to put an ATT-style dialog in browsers would make some waves :) The browser does not need to ask for consent for it, just not send the reports unless the user has changed the default setting to "on" for the particular MPC domains. Sites might ask users to change it, but thats why a non-communicated setting is a good idea - sites will never know that a particular user has not opted-in. Sending prompts to everybody all the time will ensure their sites are just avoided. The setting needs to be domain specific, i.e. the user agrees that a particular set of MPC servers can get reports, so the browser cannot be accused of sending the data to all controllers. It can remind users via suitable UI, maybe a well understood indicator, when they have given consent, what MPC helpers get the reports, identity information of the managing entities etc. There is laready facility in the ePD for allowing storage use to fulfil a purpose requested by the user, and the browser can claim GDPR A6.1 (consent) legal basis for processing PD for this purpose. -- GitHub Notification of comment by michael-oneill Please view or discuss this issue at https://github.com/patcg/proposals/issues/5#issuecomment-1036313476 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 11 February 2022 15:09:13 UTC