Re: Are blanked exceptions usable in the EU? [ISSUE-129]

Hi Shane/Kimon


thanks for your responses.

Is your suggestion (from a technology/TPE perspective), that the feature
is useful (and should be there)
while it may not be usable/useful under some legislations?

This means that whether to what extent feature is actually used is up to
competition/legislation/ or other factors external to the TPE document.

Nevertheless, I believe that  (if we allow an exception for "*" as a
third party), a viable question is still how a user can actually find
out what third parties are used at a given time by a given site.

Other opinions?


Regards,
matthias


On 26/03/2012 19:34, Shane Wiley wrote:
>
> Ninja and I haven't had an opportunity to connect on this topic yet. 
>
>  
>
> As Kimon rightly points out, there are varying EU country-level
> interpretations of appropriate consent expression.  My belief is for
> an Exchange level interaction, if the serving party is significantly
> limited in their data use (collected upon ad bid), then there is a
> fair argument that the party may be acting more as a data processor
> (service provider) than a controller at that moment and therefore may
> not need consent at all.  If you layer this on top of a broad user
> consent mechanism (must appropriately and fairly articulate to the
> user the breadth of their exception -- aka "*") then this may be
> acceptable from an EU Data Protection Directive (and further through
> the draft Data Protection Regulation) -- especially as tools are
> available within browsers today to accept or reject individual 3^rd
> parties as they are introduced to a user.
>
>  
>
> This discussion is more rightly placed in the companion document we
> discussed last week as outside of the standards document.  I don't
> believe we should develop any country specific features for DNT and
> instead allow guidance for each country's legal system to begin to
> tease this out (many elements are in legal "grey areas"). 
>
>  
>
> As I believe Kimon and Ninja would agree, there is not a bright-line
> rule in this case and therefore there will be considerable
> discussion/debate on this topic (and others related to DNT) within the
> EU (and other legal jurisdictions, including the US).
>
>  
>
> - Shane
>
>  
>
> *From:*Kimon Zorbas [mailto:vp@iabeurope.eu]
> *Sent:* Monday, March 26, 2012 12:39 PM
> *To:* Matthias Schunter; Ninja Marnau; Shane Wiley
> *Cc:* public-tracking@w3.org
> *Subject:* Re: Are blanked exceptions usable in the EU? [ISSUE-129]
>
>  
>
> Hi Matthias,
>
> I am not clear, what the purpose would be? The E-Privacy Directive is
> not harmonised across the EU and as a consequence there cannot be a
> certain answer to what consent means (or how far it goes) or how such
> consent can be expressed (we believe browser settings can be used but
> it's not that easy either). Sorry not being able to give a simple
> response on this.
>
> Kind regards,
> Kimon
>
> ----- Reply message -----
> From: "Matthias Schunter" <mts-std@schunter.org>
> To: "Ninja Marnau" <ULD66@datenschutzzentrum.de>, "Shane Wiley
> (yahoo)" <wileys@yahoo-inc.com>
> Cc: "public-tracking@w3.org" <public-tracking@w3.org>
> Subject: Are blanked exceptions usable in the EU? [ISSUE-129]
> Date: Mon, Mar 26, 2012 6:33 pm
>
>  
>
> Hi Ninja/Shane,
>
>
> during our last call, you disagreed whether it is OK (=considered
> sufficient consent) from an EU legal perspective that an individual
> accepts an exception for "any" third party used on a given site.
>
> While I understood there is no problem to agree to a defined list
> "thirdparty1, thirdparty2, ...", there seems to be a problem if this
> list is undefined.
>
> A second question is whether an OK to 'any' is OK if the user can then
> later learn what parties where actually in use.
>
> How about either agreeing offline or else starting this discussion on
> the list?
>
> FYI: From a technical perspective, it is OK to include a function that
> would not be usable in the EU, however, in this case some guidance for
> sites may be helpful anyway.
>
>
> Regards,
>
> Matthias
>
>
>
>