RE: Another agenda item for Boston



The requirement in Europe for consent for tracking is highly unlikely to
change. It is primarily a continuation of the existing Data Protection and
Data Privacy Directives which both require consent for processing. The
latter also says that identifiers (e.g.  cookies) can be stored in browsers
without informed consent only if they are required to solely fulfil a
service explicitly requested by the user. The requirement for consent has
overwhelming support across Parliament and  that is unlikely to be
overturned by the Council even if there was a majority there, which there is


That is the reality whatever the lobbyists tell you.


It is very worthwhile for the group to discuss how both the DNT compliance
and technical spec. will interact across jurisdictions. The web is now
global and can only become more so.




From: Shane Wiley [] 
Sent: 06 February 2013 17:19
To: Mike O'Neill; Peter Swire; 'Matthias Schunter (Intel Corporation)'
Subject: RE: Another agenda item for Boston




While I agree that we should have some time to discuss the Global
Considerations document and Rigo's efforts in that area, I don't believe
it's worthwhile for the group to review a suggestion to align with a draft
regulation that is already undergoing significant change since your original
proposal (trying to hit a moving target prematurely).  Let's save that
conversation for mailing list and/or a call to sort through the details
(especially as we see the draft regulation slow its rate of material
change).  Fair?


- Shane


From: Mike O'Neill [] 
Sent: Wednesday, February 06, 2013 10:13 AM
To: Peter Swire; 'Matthias Schunter (Intel Corporation)'
Subject: Another agenda item for Boston


Hi Peter, Matthias


Can we have an item on the agenda for Boston to discuss European compliance
issues and the suggestions in the API I submitted on 29th (action-346 also
attached to this).


I think this is very relevant to the compliance debate on de-identification
in view of the requirement for an "automatic mechanism" for signalling
consent for pseudonymous identifiers called for in the draft GDPR. It is
also important to address issues arising from third-parties operating in
different jurisdictions from the first-party data controller, which will
occur often. This is especially important for us in Europe because the
compliance spec. may have different descriptions of such things as permitted
use and differentiate between first and third parties in a way incompatible
with European data protection law.







Received on Wednesday, 6 February 2013 20:21:03 UTC