W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2013

Re: Article 29 WP and cookies

From: Robin Wilton <wilton@isoc.org>
Date: Fri, 18 Oct 2013 17:15:07 +0100
Message-Id: <A181A93D-4D34-46BC-B155-06729D8B70EB@isoc.org>
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
To: David Singer <singer@apple.com>
Hi David,

I share your concern, and whenever possible Christine and I tend to make the point that legislating in terms of specific technologies seldom works well. If there is a benefit to the current EU cookie laws, it is that they provide a very useful example.

I've also just turned from a session with the Data Protection committee of the Council of Europe, which has turned its attention to biometrics. I made the same point in that context, and Christine and I will keep an eye on that work in coming months.

That said, I do think it is important that those responsible for technical standardisation work are kept appropriately informed of policy directions, and that we do our best to improve policy-makers' understanding of technology and standardisation. As it happens, the committee also heard a presentation yesterday about the activities of ISO SC27, particularly WG5 (Privacy and Identity Management), which I believe they found most informative. This came about as a result of my putting members of the two groups together earlier in the year.


Robin Wilton

Technical Outreach Director - Identity and Privacy

On 18 Oct 2013, at 00:34, David Singer <singer@apple.com> wrote:

> Thanks
> I continue to be concerned that regulations talk about specific technologies (cookies, in this case), and not principle (privacy and the recording of information about users).
> I think we'd get better results if policy is mostly worked in the government and regulatory area, and technology in places such as a the W3C.  As it is, we see discussions of both in both places, and I think it can be confusing.
> On Oct 14, 2013, at 6:39 , Christine Runnegar <runnegar@isoc.org> wrote:
>> The European Article 29 Working Party recently adopted Working Document 02/2013 providing guidance on obtaining consent for cookies
>> http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp208_en.pdf
>> Among other things, the Article 29 WP says "… that should a website operator wish to ensure that a consent mechanism for cookies satisfies the conditions in each Member State such consent mechanism should include each of the main elements specific information, prior consent, indication of wishes expressed by user’s active behavior and an ability to choose freely."
>> (These are explained in further detail in the Working Document.)
>> They also say: 
>> "If certain cookies are therefore not needed in relation to the purpose of provision of the website service, but only provide for additional benefits of the
>> website operator, the user should be given a real choice regarding those cookies. The types of cookies that might be disproportionate in relation to the purpose of the website may vary depending on the context.
>> An example, where consent to non-necessary cookies would be considered disproportionate are websites providing certain services, where the user could be seen as having few or no other options but to use the service, and thus having no real choice as to the usage of cookies. In most EU Member States this is particularly the case with public sector services.
>> Users should also be offered a real choice regarding tracking cookies. …"
> David Singer
> Multimedia and Software Standards, Apple Inc.
Received on Friday, 18 October 2013 16:12:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:26 UTC