Is'nt it important to be able to signal that the entity seeking consent must register with and contact a standard authorization server?

This particular term ought to be a profile of UMA labeled and documented for GDPR.

Adrian

On Sat, Apr 1, 2017 at 10:26 AM Mike O'Neill <michael.oneill@baycloud.com> wrote:
Hi Doc,

The GDPR does not have much in terms of signalling from the user (aka the Data Subject), other than the ability to give or revoke consent, and the right to object.

Article 4.11 defines consent, Article 6.1(a) says it is one of the legal bases for processing, Recital 32 further describes it, plus other Recitals refer to it.

Article 21 deals with the right to object, especially A21.5 which says it can be expressed by "automated means". This applies when another  basis for processing (other than consent) is claimed.

In terms of information required to be given by companies i.e. website (the Data Controller), this is spread throughout but Article 13 covers most of it.


The other place which deals with user signalling, i.e. consent, ability to revoke at any time etc. is the proposed ePrivacy Regulation which is supposed to come into force at the same time as the GDPR, though it is still being debated. Here is a link to the proposal:

https://ec.europa.eu/digital-single-market/en/news/proposal-regulation-privacy-and-electronic-communications

Mike



> -----Original Message-----
> From: Doc Searls [mailto:doc@searls.com]
> Sent: 01 April 2017 14:34
> To: ProjectVRM list <projectvrm@eon.law.harvard.edu>
> Subject: [projectvrm] GDPR and individuals as first parties
>
> Customer Commons and its partners are working on terms individuals proffer as
> first parties in dealings with sites and services acting as second parties can
> satisfy both the letter and the spirit of the GDPR—or at least some of its
> requirements.
>
> Since there are people on this list who know the GDPR better than I, it would be
> good if we could get pointed to the parts of the GDPR that justify this claim. I
> believe somebody here (Iain?) has done this before, but I can’t find anything
> right now, so help would be welcome.
>
> Thanks!
>
> Documents:
>
> The GDPR in English HTML—
> <http://eur-lex.europa.eu/legal-
> content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN <http://eur-
> lex.europa.eu/legal-
> content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN>>
>
> The Wikipedia page on the GDPR—
> <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>
>
> Doc
>
>
>
>


--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/