Re: EC Directive on privacy from Rigo Wenning on 2002-01-30 (www-p3p-policy@w3.org from January 2002)

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 30 Jan 2002 18:55:51 +0100
To: Keith Ball <KBall@ecolor.com>
Cc: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
Message-ID: <20020130175551.GH6466@localhost>

I'm aware of this project for a communications directive. I've read all
the documents so far..

The issue is, that the Directive on want's to establish the principle of
data self determination also with cookies. 

The details about how an agreement with the user can be reached and
recorded is not given. This varies from country to country. 

In Germany, consent is regulated by § 3: Principles for the processing
of personal data in it's 7th paragraph:
(7) Consent can also be declared electronically if the provider ensures
that

1. such consent can be given only through an unambigious and
2. deliberate act by the user,
3. consent cannot be modified without detection, 
4. the creator can be identified,
5. the consent is recorded and
6 the text of the consent can be obtained by the user on request at any time.

This means, that consent would need an electronic signature, which
raises other privacy concerns. 

I have the feeling, that they wanted to do something about cookies, but
did not get the feeling of what it actually means. 

So they ruled and said: Cookies only after user's consent... 

But if this requires P3P, an OK-button or an electronic signature is
totally unclear...

Best,
-- 
Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis

On Fri, Jan 25, 2002 at 02:56:40PM -0800, Keith Ball wrote:
> Has anyone read this new directive from the European Council on privacy?
> See the URL below to download an English PDF of the Directive.  It isnt
> approved by the Parliament yet, but that is expected in a few months.
> 
> I am wondering if anyone has worked with the EC on this or is familiar with
> the work and knows:
> 
> 1. If P3P and IE6 will be an acceptable solution for acquiring consent?
> 2. Is it limited to Personally Identifiable information, or does it also
> include pseudonymous information?
> 
> thanks
> Keith
> 
> Directive of the European Parliament and of the Council concerning the
> processing of personal data and the protection of privacy in the electronic
> communications sector
> 
> http://register.consilium.eu.int/scripts/utfregisterDir/WebDriver.exe?MIlang
> =EN&key=REGISTER&ssf=DATE_DOCUMENT+DESC&fc=REGAISEN&srm=25&md=400&what=simpl
> e&ff_TITRE=&ff_FT_TEXT=Internet+cookies&ff_SOUS_COTE_MATIERE=&dd_DATE_REUNIO
> N=&rc=1&nr=8&MIval=detail

Received on Wednesday, 30 January 2002 12:57:45 UTC