Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change phrasing of legal interpretation for EU/GDPR #93

Open
coolharsh55 opened this issue Jan 20, 2025 · 1 comment
Open

Change phrasing of legal interpretation for EU/GDPR #93

coolharsh55 opened this issue Jan 20, 2025 · 1 comment

Comments

@coolharsh55
Copy link

Hi. I'm not quite up to date on the work progress so far (but kudos on getting this in a WG), so I'm proposing the following with hope that there is time to change text. For the section on legal effects the content for GDPR is rather vague, and I propose it be changed to the following so that the interpretation is robust and clear, and so that the GPC is interpreted consistently and usefully within GDPR.

Original content: GPC could potentially be used to indicate rights in other jurisdictions as well. For example, the GDPR potentially affords data subjects the right to limit the sharing of personal information under Articles 7 and 21. Many other countries around the world have adopted affirmative privacy legislation — often modeled on the GDPR; a regulator in one of those countries could determine that GPC invokes a legal right that requires some response from a recipient.

GPC can be used to express or exercise rights in other jurisdictions as well. For example, GPC can be used with the EU's General Data Protection Regulation (GDPR) to withdraw consent under Article 7-3 and to object to the use of legitimate interests under Article 21-5, where the signal constitutes a decision by the 'data subject' regarding the do-not-sell-or-share preference. Further, in addition to the EU's GDPR, several countries around the world have also adopted affirmative privacy legislation — often modeled on the GDPR; such regulations or their enforcing authorities could assert the applicability of GPC and make it 'binding' for their jurisdiction, for example by stating that the use of GPC constitutes the exercise of a legal right or triggers an obligation that requires a response from the signal's recipient.

Separately, the link in Section 5 for legal explainer is broken / 404'd. Last working link seems to have been in June'24 archive.org. In this document, the above information is stated (though not with the same effect). I have added the point about how to make GPC binding based on that as it is useful for the uptake of the signal and for the recipients to respect it.
@j-br0
Copy link
Contributor

j-br0 commented Jan 23, 2025

On the broken link in the explainer, the current pointer is to the CG repository. We are in the process of agreeing to a more permanent home for the renamed Legal and Implementation Considerations guide, when that's settled we'll update the link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@coolharsh55 @j-br0