- From: Walter van Holst <walter@vanholst.com>
- Date: Tue, 28 Mar 2017 22:41:37 +0200
- To: public-tracking@w3.org
On 2017-03-28 22:06, Shane M Wiley wrote: > Rob, > > Thank you for that perspective but again nothing here mandates that > the browser play a role outside of recording the consent as determined > by the controller and allowing users a "equally easy" manner in which > to remove that consent. I'm still not convinced that there is a need > for machine readable elements in the TSO to enable user agent > capabilities beyond those needs. I would agree with your legal counsel that a grammatical reading of the GDPR does not provide for such an positive obligation regarding providing consent. However, the GDPR has in article 21(5) a positive obligation regarding the ease of withdrawal of consent, which is a special case on top of the general provision on withdrawal of consent in article 7(3) GDPR. I have been told by Jan-Philippe Albrecht's staff that the amendment that gave rise to article 21(5) GDPR was specifically proposed with the W3C DNT WG in mind. This alone should give your legal counsel pause. And once he or she is at it, this alone is a strong basis for a non-grammatical interpretation of the GDPR that there is a similar obligation for giving consent, but that the legislator assumed that data controller's would feel an sufficiently enlightened self-interest that they would create such easy avenues for doing so anyway. In light of the consent requirements of art 7 GDPR, it would make no sense whatsoever to not allow for meta-data that would allow for machine-readability. I would strongly support Rob's suggestion for an optional array for this purpose. And no, I definitely don't want this to become another P3P. Let's keep things as simple as possible, but not simpler than that. Regards, Walter
Received on Tuesday, 28 March 2017 20:42:13 UTC