Privacy/TPWG/Compliance Last Call Comments

From W3C Wiki
< Privacy‎ | TPWG

editorial

interaction with laws/regulations

Art 29:

  • suggests "This specification does not override regulatory terminology, and as such, compliance with this specification does not mean compliance with the law and/or regulations."
  • interpretation of DNT:0 (Art 29)
  • suggests in de-identification "In cases where the process of de-identification of (personal) data is not properly assessed against privacy risks and the possibility of identification of users cannot be excluded, compliance with this specification does not mean compliance with other legislative law and/or regulations."
  • suggests in out-of-band consent: "Out of band consent MUST be obtained in an unambiguous manner and specific to the intended purpose. Data collected with out of band consent MUST only be used for that specified purpose."
  • covering collection as well as use and sharing [isn't this already included?]

first and third party interactions

permitted uses

uncategorized