Is'nt it important to be able to signal that the entity seeking consent
must register with and contact a standard authorization server?
This particular term ought to be a profile of UMA labeled and documented
for GDPR.
Adrian
On Sat, Apr 1, 2017 at 10:26 AM Mike O'Neill <michael.oneill(a)baycloud.com>
wrote:
> Hi Doc,
>
> The GDPR does not have much in terms of signalling from the user (aka the
> Data Subject), other than the ability to give or revoke consent, and the
> right to object.
>
> Article 4.11 defines consent, Article 6.1(a) says it is one of the legal
> bases for processing, Recital 32 further describes it, plus other Recitals
> refer to it.
>
> Article 21 deals with the right to object, especially A21.5 which says it
> can be expressed by "automated means". This applies when another basis for
> processing (other than consent) is claimed.
>
> In terms of information required to be given by companies i.e. website
> (the Data Controller), this is spread throughout but Article 13 covers most
> of it.
>
>
> The other place which deals with user signalling, i.e. consent, ability to
> revoke at any time etc. is the proposed ePrivacy Regulation which is
> supposed to come into force at the same time as the GDPR, though it is
> still being debated. Here is a link to the proposal:
>
>
> https://ec.europa.eu/digital-single-market/en/news/proposal-regulation-priv…
>
> Mike
>
>
>
> > -----Original Message-----
> > From: Doc Searls [mailto:doc@searls.com]
> > Sent: 01 April 2017 14:34
> > To: ProjectVRM list <projectvrm(a)eon.law.harvard.edu>
> > Subject: [projectvrm] GDPR and individuals as first parties
> >
> > Customer Commons and its partners are working on terms individuals
> proffer as
> > first parties in dealings with sites and services acting as second
> parties can
> > satisfy both the letter and the spirit of the GDPR—or at least some of
> its
> > requirements.
> >
> > Since there are people on this list who know the GDPR better than I, it
> would be
> > good if we could get pointed to the parts of the GDPR that justify this
> claim. I
> > believe somebody here (Iain?) has done this before, but I can’t find
> anything
> > right now, so help would be welcome.
> >
> > Thanks!
> >
> > Documents:
> >
> > The GDPR in English HTML—
> > <http://eur-lex.europa.eu/legal-
> > content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN <http://eur-
> > lex.europa.eu/legal-
> > content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN>>
> >
> > The Wikipedia page on the GDPR—
> > <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>
> >
> > Doc
> >
> >
> >
> >
>
>
> --
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
