- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 30 Jan 2002 18:55:51 +0100
- To: Keith Ball <KBall@ecolor.com>
- Cc: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
I'm aware of this project for a communications directive. I've read all the documents so far.. The issue is, that the Directive on want's to establish the principle of data self determination also with cookies. The details about how an agreement with the user can be reached and recorded is not given. This varies from country to country. In Germany, consent is regulated by § 3: Principles for the processing of personal data in it's 7th paragraph: (7) Consent can also be declared electronically if the provider ensures that 1. such consent can be given only through an unambigious and 2. deliberate act by the user, 3. consent cannot be modified without detection, 4. the creator can be identified, 5. the consent is recorded and 6 the text of the consent can be obtained by the user on request at any time. This means, that consent would need an electronic signature, which raises other privacy concerns. I have the feeling, that they wanted to do something about cookies, but did not get the feeling of what it actually means. So they ruled and said: Cookies only after user's consent... But if this requires P3P, an OK-button or an electronic signature is totally unclear... Best, -- Rigo Wenning W3C/INRIA Policy Analyst Privacy Activity Lead mail:rigo@w3.org 2004, Routes des Lucioles http://www.w3.org/ F-06902 Sophia Antipolis On Fri, Jan 25, 2002 at 02:56:40PM -0800, Keith Ball wrote: > Has anyone read this new directive from the European Council on privacy? > See the URL below to download an English PDF of the Directive. It isnt > approved by the Parliament yet, but that is expected in a few months. > > I am wondering if anyone has worked with the EC on this or is familiar with > the work and knows: > > 1. If P3P and IE6 will be an acceptable solution for acquiring consent? > 2. Is it limited to Personally Identifiable information, or does it also > include pseudonymous information? > > thanks > Keith > > Directive of the European Parliament and of the Council concerning the > processing of personal data and the protection of privacy in the electronic > communications sector > > http://register.consilium.eu.int/scripts/utfregisterDir/WebDriver.exe?MIlang > =EN&key=REGISTER&ssf=DATE_DOCUMENT+DESC&fc=REGAISEN&srm=25&md=400&what=simpl > e&ff_TITRE=&ff_FT_TEXT=Internet+cookies&ff_SOUS_COTE_MATIERE=&dd_DATE_REUNIO > N=&rc=1&nr=8&MIval=detail
Received on Wednesday, 30 January 2002 12:57:45 UTC