- From: James Rosewell via GitHub <sysbot+gh@w3.org>
- Date: Wed, 23 Mar 2022 17:45:01 +0000
- To: public-patcg@w3.org
Here is how the CMA and Google dealt with this in their commitments as background and possible replication in the charter. What Google accepted was that it needed to define “Personal Data” with reference to “Applicable Data Protection legislation” in relation to GDPR. Thus, “Privacy” is not itself defined, but instead, “Personal Data” is defined in relation to GDPR via the definition of “Applicable Data Protection Legislation”. In essence, the definition of “Personal Data” used in conjunction with the definition of “Applicable Data Protection Legislation” represents the definition of Privacy. Please see below. 1. Personal Data “Personal Data” means personal data as defined in the Applicable Data Protection Legislation;” - as defined in Google’s commitments. In the final commitments, the CMA accepted Google’s definition of “Personal Data” and stated in paragraph 4.47 that: “In the Final Commitments, Google has clarified the definition of ‘Google First Party Personal Data’ by replacing ‘data’ with the defined term ‘Personal Data’. The CMA considers that this clarifies that the data referred to in this definition is Personal Data (as defined under the Applicable Data Protection Legislation) collected from Google’s user-facing services or services on the Android operating system as deployed in smartphones, connected televisions or other smart devices. In accordance with the current legislative framework, this term does not apply to data from which a living individual cannot be identified. The term does not apply to, for example, truly anonymised data.” 3. Applicable Data Protection Legislation “Applicable Data Protection Legislation” means all applicable data protection and privacy legislation in force in the UK, including the Data Protection Act 2018, the UK General Data Protection Regulation (and regulations made thereunder) and the Privacy and Electronic Communications (EC Directive) Regulations 2003;” - as defined in Google’s commitments. In the final commitments the CMA accepted that the definition offered by Google was sufficient – and in paragraph 4.70 it stated that: “The CMA considers that a clarification to the definition of ‘Applicable Data Protection Legislation’ is not necessary. The current wording of the definition allows it to apply to both future updates and other relevant legislation.” For the avoidance of doubt the Privacy Principles produced by TAG as currently drafted would not be an acceptable reference point as it does not align to laws but seeks to define quasi-laws. In that regard its inclusion would result in a similar issue to #10 . -- GitHub Notification of comment by jwrosewell Please view or discuss this issue at https://github.com/patcg/patwg-charter/issues/6#issuecomment-1076629688 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 23 March 2022 17:45:02 UTC