DPA is Mauritius Data Protection Act which includes section 23 & 24 #68
Conversation
and includes provisions for signaling consent. Signed-off-by: Loganaden Velvindron <logan@cyberstorm.mu> Signed-off-by: Veegish Ramdani <veegish@cyberstorm.mu>
| @@ -455,6 +459,15 @@ <h2>Legal Effects</h2> | |||
| object to direct marketing under legitimate interest ([[?GDPR]]). | |||
| </p> | |||
| </li> | |||
| <li> | |||
| <p> | |||
| The DPA's goal is to "strengthen the control and personal autonomy of data subjects over their | |||
There was a problem hiding this comment.
I think it would help if each of these paragraphs included a direct identification for the jurisdiction. That is "Mauritius DPA" and "European Union GDPR" and "California CCPA". That's not your fault necessarily, but an existing problem.
There was a problem hiding this comment.
@martinthomson I think that's a good point. PR incoming to resolve this separately.
|
Hi, after some review, we're concerned about the future of adding more laws into the future into the body of the spec. Changes, once this spec continues along the document lifecycle, will enter a longer timeline of review and feedback and we want the rapidly changing landscape of privacy to be quickly reflected to people who want to understand GPC. Since there are likely a lot of new privacy laws that are applicable coming in the future, we think the best place for them is in the explainer. Would it be possible for you to put it into the explainer instead? https://github.com/privacycg/gpc-spec/blob/main/explainer.md or we can work on transforming it into there in this PR. Also, if you have any supporting documents or formal legal text that refers to privacy signals or GPC in particular, it would be useful to have it in the docs folder of this repository. Thanks greatly for this contribution @loganaden - let us know what the best approach is to get it incorporated into the explainer! |
|
On the general point of where to capture information about implementation in law, perhaps a separate document (or wiki page, if you were willing to tempt fate) is better. The section on laws is already fairly unwieldy and distracting. A separate document might lend itself to more structure, without distracting from the central message in the explainer. |
|
Wherever this winds up, someone should check that the cited sections of the law actually address the effect of a GPC request. The text mentions Articles 23 and 24. Article 23 is
(not about opt-outs)
(not about opt-outs) Article 24 is
This is closer to being about opt-outs, but it doesn't say that a globally-configured opt-out wins over a direct consent to a specific sharing request on a specific site. Without that statement, a controller can pretty easily prove that the data subject consented to their particular processing even if they told their browser to object in general. ("We saw a I did snip some other bits of both articles that seemed unrelated to GPC, but if I snipped a critical one incorrectly, please paste it in here. |
|
I'll rework it for the explainer instead. |
Great, @loganaden! Here is the explainer that we are currently revising and in which we can include your language. |
|
@SebastianZimmeck I created a different PR: #71 |
|
I am closing this PR as it is superseded by #71. @jyasskin, if you like to continue discussing your point above, please feel free to open a new issue or comment on an existing issue if you think your point fits there. |
and includes provisions for signaling consent.