- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Fri, 16 Dec 2016 13:15:45 -0000
- To: "'Jeff Jaffe'" <jeff@w3.org>, <public-tracking@w3.org>
- Message-ID: <03df01d2579e$82c87430$88595c90$@baycloud.com>

Jeff,

The EU body of data protection law is the de-facto “compliance regime”, for instance the GDPR, where consent is the most important legal basis for processing (of personal data), and, if there is a claimed “legitimate interest” in processing by a company, there has to be the right to object (by “automated means”, see A21.5).

The new ePrivacy regulation builds on the original directive in many ways, also saying that browser settings could be used if they conveyed “freely given, specific and informed consent” for access to storage (i.e. cookies) by also now explicitly referring to tracking by any other means, e.g. browser fingerprinting.

Of course there is no specific requirement for the particular DNT header and protocol, but at this time there is no alternative. As has been pointed out, any method for delivering consent has to be capable of being revoked, have an expiry mechanism, be cross-domain (so sub-resources can see it), and be capable of being site-specific.

Mike

From: Jeff Jaffe [mailto:jeff@w3.org]
Sent: 16 December 2016 12:45
To: Mike O'Neill <michael.oneill@baycloud.com>; public-tracking@w3.org
Subject: Re: ePrivacy & DNT

Mike,

Thanks for the pointer. I didn't see where this pointed to any W3C Standard for Do Not Track, or any compliance regime. Is it correct that any utilization of any (non-standard) browser setting and any compliance definition would satisfy these regs?

Jeff

On 12/16/2016 4:37 AM, Mike O'Neill wrote:

This is a good summary of the leaked draft ePrivacy regulation, and points out the relevance to Do Not Track:

https://iapp.org/news/a/eprivacy-leaked-draft-the-good-the-bad-and-the-missing

Received on Friday, 16 December 2016 13:16:49 UTC