W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: explicit-explicit exception pairs

From: Rob van Eijk <rob@blaeu.com>
Date: Sat, 05 May 2012 17:40:44 +0200
Message-ID: <4FA549FC.4020107@blaeu.com>
To: Rigo Wenning <rigo@w3.org>
CC: ifette@google.com, Nicholas Doty <npdoty@w3.org>, public-tracking@w3.org, Matthias Schunter <mts-std@schunter.org>
This thread starts to overlap with 'ACTION-172: Write up more detailed 
list of use cases for origin/origin exceptions'

My assumption in this answer is that the browser reflects valid user 
consent. As a prerequisite, this implies that the user has made an 
informed choice, preferably in the install/update flow of the browser to 
use DNT technology as a granular consent expression mechanism.

Taking this assumption into account, my answer is easy, and I can be 
crystal clear on this:
1) Implied consent for * for an unknown list of parties is unacceptable 
for it does not lead to compliance.
2) Implied consent can only be valid for a select list of third parties 
operating in a first party context: the processors who have a legal 
processor-agreement with the first party (controller).

In Brussels I gave a detailed presentation on the criteria for consent 
to be valid. They are well published in the Art. 29 Working Parties 

Opinion 15/2011 on Consent: 


On 4-5-2012 22:31, Rigo Wenning wrote:
> Ian,
> this is very clear and I think we are at the core of the issue. I have to
> leave it to Rob (and it may take some time) to answer the question whether
> informed consent can be given to an unknown list of third parties tracking
> me. From my german and french law roots, I have a feeling it doesn't work,
> but maybe I'm wrong.
Received on Saturday, 5 May 2012 15:41:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:42 UTC