Re: explicit-explicit exception pairs

This thread starts to overlap with 'ACTION-172: Write up more detailed 
list of use cases for origin/origin exceptions'

My assumption in this answer is that the browser reflects valid user 
consent. As a prerequisite, this implies that the user has made an 
informed choice, preferably in the install/update flow of the browser to 
use DNT technology as a granular consent expression mechanism.

Taking this assumption into account, my answer is easy, and I can be 
crystal clear on this:
1) Implied consent for * for an unknown list of parties is unacceptable 
for it does not lead to compliance.
2) Implied consent can only be valid for a select list of third parties 
operating in a first party context: the processors who have a legal 
processor-agreement with the first party (controller).

In Brussels I gave a detailed presentation on the criteria for consent 
to be valid. They are well published in the Art. 29 Working Parties 
opinion.

Preso: 
http://lists.w3.org/Archives/Public/public-tracking/2012Jan/att-0268/W3C_v2.pdf
Opinion 15/2011 on Consent: 
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf

Rob

On 4-5-2012 22:31, Rigo Wenning wrote:
> Ian,
>
> this is very clear and I think we are at the core of the issue. I have to
> leave it to Rob (and it may take some time) to answer the question whether
> informed consent can be given to an unknown list of third parties tracking
> me. From my german and french law roots, I have a feeling it doesn't work,
> but maybe I'm wrong.

Received on Saturday, 5 May 2012 15:41:16 UTC