[WG-InfoSharing] GDPR Consent Update for Privmas Eve

1 view
Skip to first unread message

Mark @ OC

unread,
May 12, 2020, 7:52:12 AM5/12/20
to wg-...@kantarainitiative.org, wg-info...@kantarainitiative.org
Hello All, 

As actioned on the last ISI call,  (and requested by Ken) here is the link to the GDPR consent update from May 4th, ( in advanced of PrivMas Eve on May 24th )


My favourite point - the two year grace period for old technical consent is up on Monday ! And Consent Records become mandatory.  

For example, as the GDPR requires that a controller must be able to demonstrate that valid consent was obtained, all presumed consents of which no references are kept will automatically be below the consent standard of the GDPR and will need to be renewed. 

Transparency is an additional safeguard when the circumstances do not allow for a specific consent. A lack of purpose specification may be offset by Notice of information on the development of the purpose being provided regularly by controllers . 

"Recital 171 GDPR states: “Directive 95/46/EC should be repealed by this Regulation. Processing already under way on the date of application of this Regulation should be brought into conformity with this Regulation within the period of two years after which this Regulation enters into force

"Under the GDPR, it is not possible to swap between one lawful basis and another. If a controller is unable to renew consent in a compliant way and is also unable –as a one off situation- to make the transition to GDPR compliance by basing data processing on a different lawful basis while ensuring that continued processing is fair and accounted for, the processing activities must be stopped. In any event, the controller needs to observe the principles of lawful, fair and transparent processing.

This means, as of next week, there is now an obligation to notify what the legal justification is for processing personal data. Replacing out-dated consent under previous law. 

Have A Great Tuesday  (agenda to follow) 

Mark 

PS - here is the updated page for inputs into Notice & Consent Receipts specification. 




 

Mark @ OC

unread,
May 12, 2020, 9:17:36 AM5/12/20
to Harshvardhan J. Pandit, wg-...@kantarainitiative.org, wg-info...@kantarainitiative.org
Do you think this update is a little late then ?

> On 12 May 2020, at 09:00, Harshvardhan J. Pandit <harshvard...@adaptcentre.ie> wrote:
>
> GDPR was passed as a legislation in 2016.
> The two year grace period made its enforcement active from 2018.


>
> On 12/05/2020 12:50, Mark @ OC wrote:
>> My favourite point - the two year grace period for old technical consent is up on Monday ! And Consent Records become mandatory.
>>
>> For example, as the GDPR requires that a controller must be able to demonstrate that valid consent was obtained, all presumed consents of which no references are kept will automatically be below the consent standard of the GDPR and will need to be renewed.
>>
>> Transparency is an additional safeguard when the circumstances do not allow for a specific consent. A lack of purpose specification may be offset by Notice of information on the development of the purpose being provided regularly by controllers .
>>
>> "Recital 171 GDPR states: “Directive 95/46/EC should be repealed by this Regulation. Processing already under way on the date of application of this Regulation should be brought into conformity with this Regulation within the period of two years after which this Regulation enters into force”
>

> --
> ---
> Harshvardhan Pandit
> PhD Researcher
> ADAPT Centre
> Trinity College Dublin
>

_______________________________________________
WG-InfoSharing mailing list
WG-Info...@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-infosharing

Doc Searls

unread,
May 12, 2020, 10:14:42 AM5/12/20
to Mark Lizar, wg-...@kantarainitiative.org, wg-info...@kantarainitiative.org
That records must now be kept should be good for Consent Receipts.

Meanwhile, a search for GDPR+compliance <https://www.google.com/search?&q=gdpr+compliance> brings 152,000,000 results, nearly all of which (far as I care to dig through that list) are for services meant to give companies ways to adhere to the letter of the GDPR while violating its spirit. There is a huge business in that.

Meanwhile, enforcement of GDPR violations around website consent for harvesting personal data is roughly zero. (Correct me if I have that wrong. Love to see some citations here.)

Hopefully this new update will change that.

BTW, far as I know, the first mention of GDPR Day (May 25) as "Privmas" occurred here: http://customercommons.org/2018/05/16/lets-make-may-25th-privmas-day/.

Cheers,

Doc

Mark @ OC

unread,
May 12, 2020, 12:13:53 PM5/12/20
to Doc Searls, wg-...@kantarainitiative.org, wg-info...@kantarainitiative.org
Thanks Doc, 

The frustration with technical practices not meeting legal standards like the GDPR I think will be resolved not with this update, but with global standards which provide a clear and transparent - non-compliant reputation. 

It seems this year we will have a perfect storm of tech, policy, enforcement and the key ingredient.  Some long over due legal requirement to produce a consent record.  Which is part of what I think we were celebrating in EIC 2 years ago, when was coined in the lobby, 

The first Privmas Eve was the day the W3C Data Privacy Vocabulary Control Group officially started, and we actually had an event at the ODI in London. 

To this end, why dont we continue the tradition and have a little privmas eve celebration amongst friends? : -) 

- Mark 

 (this is May 24 2018 after the W3C ODI even - at a secret bar in London) 

Perhaps a  masked Zoom call on May 24th - and a list of the highlights to date :-)  (I am sure we cn find some worthy examples of enforcement ) 

Doc Searls

unread,
May 12, 2020, 3:24:53 PM5/12/20
to Mark Lizar, wg-...@kantarainitiative.org, wg-info...@kantarainitiative.org
Cool idea. BTW, our wedding anniversary (Joyce's and mine) is May 25th as well. :-)

Doc

On May 12, 2020, at 9:12 AM, Mark @ OC <ma...@openconsent.com> wrote:

Thanks Doc, 

The frustration with technical practices not meeting legal standards like the GDPR I think will be resolved not with this update, but with global standards which provide a clear and transparent - non-compliant reputation. 

It seems this year we will have a perfect storm of tech, policy, enforcement and the key ingredient.  Some long over due legal requirement to produce a consent record.  Which is part of what I think we were celebrating in EIC 2 years ago, when was coined in the lobby, 

The first Privmas Eve was the day the W3C Data Privacy Vocabulary Control Group officially started, and we actually had an event at the ODI in London. 

To this end, why dont we continue the tradition and have a little privmas eve celebration amongst friends? : -) 

- Mark 

 (this is May 24 2018 after the W3C ODI even - at a secret bar in London) 

Perhaps a  masked Zoom call on May 24th - and a list of the highlights to date :-)  (I am sure we cn find some worthy examples of enforcement ) 

<PrivMas-Eve.jpeg>

Mark @ OC

unread,
May 14, 2020, 6:35:54 AM5/14/20
to Doc Searls, wg-...@kantarainitiative.org, wg-info...@kantarainitiative.org
Congratulations Doc and Joyce !! — 


Well perfect time to have a social and celebrate not only PrivMas Eve but the power couple who has make a space for a lot this to happen. 

-  Soes Sunday at 10 am PST for a 1 hour PrivMas Eve Special Masked Social  work for you both? 

Mark 

PS -  How many years are you two celebrating ?  
Reply all
Reply to author
Forward
0 new messages