Hi Peter, Matthias
Can we have an item on the agenda for Boston to discuss European compliance
issues and the suggestions in the API I submitted on 29th (action-346 also
attached to this).
I think this is very relevant to the compliance debate on de-identification
in view of the requirement for an "automatic mechanism" for signalling
consent for pseudonymous identifiers called for in the draft GDPR. It is
also important to address issues arising from third-parties operating in
different jurisdictions from the first-party data controller, which will
occur often. This is especially important for us in Europe because the
compliance spec. may have different descriptions of such things as permitted
use and differentiate between first and third parties in a way incompatible
with European data protection law.
Thanks
Mike