Re: issue-268 Re: TPWG Compliance Last Call next steps and schedule

Last paragraph: s/Issue-262/Issue-268/

Rob van Eijk schreef op 2015-12-17 12:08:
> Nick:
> I am fine with you proposal and concur with Mike on Issue-272, i.e. to
> add a non-normative note to the end of 2.5 Party saying:
> "When data pertaining to a user’s actions is collected as a result of
> one or more network interactions, a party acts in one of roles defined
> below, i.e. as a first party or as a third party to a given user
> action. These terms are not meant to denote the business practices of
> entities as a whole, but rather to describe a party’s role in a
> particular network interaction."
> On the remaining issues (268-272) - Issue-268 particularly - I would
> like to repeat that there remains a gap between DNT and the current
> European legal regime(s). The same goes for compliance under the GDPR.
> The burden to close the gap rests on the implementers.
> The proposed resolutions work partially because they do not close the
> gap for implementers to become compliant with the legal requirements
> in the EU. However, I think it is important to start implementing and
> I would therefore not want to block the process of getting the
> compliance document to the next maturity level. The important thing
> here is that DNT has a every chance in the EU to be a successful tool
> to become legally compliant. There is even an implicit reference to
> DNT building blocks in Article 19 (2b) of the GDPR which - IMHO - may
> be read in conjunction with Recital 66 of the revised ePrivacy
> Directive 2009/136/EC.
> "At the latest at the time of the first communication with the data
> subject, the right referred to in paragraphs 1 and 2 shall be
> explicitly brought to the attention of the data subject and shall be
> presented clearly and separately from any other information. [Article
> 19 (2b), GDPR]"
> Simply put, the basic building blocks are in the TPE, and if
> implementers need more building blocks in the standard we can work on
> those. The compliance document with a reference to global
> considerations should remind them about the legal requirements
> depending on which legal framework applies.
> On Issue-262, I propose to take the same route as you have handled the
> input from the OPC, which is currently reflected in the wiki. The
> Working Party has given guidance on, e.g., legal requirements in the
> EU for cookies, consent, de-identification/anonymisation techniques in
> various opinions, and has pointed out areas of improvement and areas
> of concern in its letters to the W3C.
> Regards,
> Rob
> Nick Doty schreef op 2015-12-08 03:14:
>> Thanks for volunteering, Mike. Rob, would you and your colleagues also
>> be willing to contribute to this, given that it was a comment from
>> Article 29 regarding different regulatory requirements?
>> I can set up an ad hoc WebEx call for any interested parties. Or we
>> can iterate in email. An initial question for me is the URL: is this
>> best as a continuation of the Global Considerations document, which
>> the group could publish as a non-normative note? Or a wiki page?
>> Thanks,
>> Nick
>>> On Nov 26, 2015, at 7:15 AM, Mike O'Neill
>>> <> wrote:
>>> I can help out with the new Global Considerations document or wiki
>>> page. Given the time should we have a webex call to discuss it? Let
>>> me know off list and I will start a doodle.
>>> FROM: Carl Cargill []
>>> SENT: 26 November 2015 01:31
>>> TO:
>>> CC: Carl Cargill <>
>>> SUBJECT: TPWG Compliance Last Call next steps and schedule
>>> On issue-268, the comment regarding regulatory compliance, the
>>> proposed language includes linking to another document, either the
>>> Global Considerations document or a wiki page. We would need members
>>> of the Working Group to commit to contributing such a document in
>>> order to include that link, otherwise the Group likely should not
>>> make a change to the specification. Please note such commitments no
>>> later than next Wednesday, December 2nd.

Received on Thursday, 17 December 2015 12:10:38 UTC