Re: issue-268 Re: TPWG Compliance Last Call next steps and schedule

Nick:

I am fine with your proposal and concur with Mike on Issue-272, i.e. to 
add a non-normative note to the end of 2.5 Party saying:

"When data pertaining to a user’s actions is collected as a result of 
one or more network interactions, a party acts in one of roles defined 
below, i.e. as a first party or as a third party to a given user action. 
These terms are not meant to denote the business practices of entities 
as a whole, but rather to describe a party’s role in a particular 
network interaction."

On the remaining issues (268-272) - Issue-268 particularly - I would 
like to repeat that there remains a gap between DNT and the current 
European legal regime(s). The same goes for compliance under the GDPR. 
The burden to close the gap rests on the implementers.

The proposed resolutions work partially because they do not close the 
gap for implementers to become compliant with the legal requirements in 
the EU. However, I think it is important to start implementing and I 
would therefore not want to block the process of getting the compliance 
document to the next maturity level. The important thing here is that 
DNT has every chance in the EU to be a successful tool to become 
legally compliant. There is even an implicit reference to DNT building 
blocks in Article 19 (2b) of the GDPR which - IMHO - may be read in 
conjunction with Recital 66 of the revised ePrivacy Directive 
2009/136/EC.

"At the latest at the time of the first communication with the data 
subject, the right referred to in paragraphs 1 and 2 shall be explicitly 
brought to the attention of the data subject and shall be presented 
clearly and separately from any other information. [Article 19 (2b), 
GDPR]"

Simply put, the basic building blocks are in the TPE, and if 
implementers need more building blocks in the standard we can work on 
those. The compliance document with a reference to global considerations 
should remind them about the legal requirements depending on which legal 
framework applies.

On Issue-262, I propose to take the same route as you have handled the 
input from the OPC, which is currently reflected in the wiki. The 
Working Party has given guidance on, e.g., legal requirements in the EU 
for cookies, consent, de-identification/anonymisation techniques in 
various opinions, and has pointed out areas of improvement and areas of 
concern in its letters to the W3C.

Regards,
Rob


Nick Doty wrote on 2015-12-08 03:14:
> Thanks for volunteering, Mike. Rob, would you and your colleagues also
> be willing to contribute to this, given that it was a comment from
> Article 29 regarding different regulatory requirements?
> 
> I can set up an ad hoc WebEx call for any interested parties. Or we
> can iterate in email. An initial question for me is the URL: is this
> best as a continuation of the Global Considerations document, which
> the group could publish as a non-normative note? Or a wiki page?
> 
> Thanks,
> Nick
> 
>> On Nov 26, 2015, at 7:15 AM, Mike O'Neill
>> <michael.oneill@baycloud.com> wrote:
>> 
>> I can help out with the new Global Considerations document or wiki
>> page. Given the time should we have a webex call to discuss it? Let
>> me know off list and I will start a doodle.
>> 
>> FROM: Carl Cargill [mailto:cargill@adobe.com]
>> SENT: 26 November 2015 01:31
>> TO: public-tracking@w3.org
>> CC: Carl Cargill <cargill@adobe.com>
>> SUBJECT: TPWG Compliance Last Call next steps and schedule
>> 
>> On issue-268, the comment regarding regulatory compliance, the
>> proposed language includes linking to another document, either the
>> Global Considerations document or a wiki page. We would need members
>> of the Working Group to commit to contributing such a document in
>> order to include that link, otherwise the Group likely should not
>> make a change to the specification. Please note such commitments no
>> later than next Wednesday, December 2nd.

Received on Thursday, 17 December 2015 12:09:29 UTC