- From: Rob van Eijk <rob@blaeu.com>
- Date: Sat, 05 May 2012 17:40:44 +0200
- To: Rigo Wenning <rigo@w3.org>
- CC: ifette@google.com, Nicholas Doty <npdoty@w3.org>, public-tracking@w3.org, Matthias Schunter <mts-std@schunter.org>
This thread starts to overlap with 'ACTION-172: Write up more detailed list of use cases for origin/origin exceptions' My assumption in this answer is that the browser reflects valid user consent. As a prerequisite, this implies that the user has made an informed choice, preferably in the install/update flow of the browser to use DNT technology as a granular consent expression mechanism. Taking this assumption into account, my answer is easy, and I can be crystal clear on this: 1) Implied consent for * for an unknown list of parties is unacceptable for it does not lead to compliance. 2) Implied consent can only be valid for a select list of third parties operating in a first party context: the processors who have a legal processor-agreement with the first party (controller). In Brussels I gave a detailed presentation on the criteria for consent to be valid. They are well published in the Art. 29 Working Parties opinion. Preso: http://lists.w3.org/Archives/Public/public-tracking/2012Jan/att-0268/W3C_v2.pdf Opinion 15/2011 on Consent: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf Rob On 4-5-2012 22:31, Rigo Wenning wrote: > Ian, > > this is very clear and I think we are at the core of the issue. I have to > leave it to Rob (and it may take some time) to answer the question whether > informed consent can be given to an unknown list of third parties tracking > me. From my german and french law roots, I have a feeling it doesn't work, > but maybe I'm wrong.
Received on Saturday, 5 May 2012 15:41:16 UTC