IETF Logo Mail Archive

Re: [Pearg] draft-irtf-pearg-safe-internet-measurement review, implied consent

Antoine FRESSANCOURT <antoine.fressancourt@huawei.com> Tue, 11 July 2023 13:41 UTC

Return-Path: <antoine.fressancourt@huawei.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 698CAC15153D for <pearg@ietfa.amsl.com>; Tue, 11 Jul 2023 06:41:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.895
X-Spam-Level:
X-Spam-Status: No, score=-6.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3A0nEKBlJonr for <pearg@ietfa.amsl.com>; Tue, 11 Jul 2023 06:41:33 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B6FBC151543 for <pearg@irtf.org>; Tue, 11 Jul 2023 06:41:33 -0700 (PDT)
Received: from lhrpeml500001.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4R0hmn40Prz6J72x; Tue, 11 Jul 2023 21:39:21 +0800 (CST)
Received: from lhrpeml500003.china.huawei.com (7.191.162.67) by lhrpeml500001.china.huawei.com (7.191.163.213) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Tue, 11 Jul 2023 14:41:29 +0100
Received: from lhrpeml500003.china.huawei.com ([7.191.162.67]) by lhrpeml500003.china.huawei.com ([7.191.162.67]) with mapi id 15.01.2507.027; Tue, 11 Jul 2023 14:41:29 +0100
From: Antoine FRESSANCOURT <antoine.fressancourt@huawei.com>
To: Nick Doty <ndoty=40cdt.org@dmarc.ietf.org>, "pearg@irtf.org" <pearg@irtf.org>
Thread-Topic: [Pearg] draft-irtf-pearg-safe-internet-measurement review, implied consent
Thread-Index: AQHZs2kHixfeSrNyVE+S3RwOrbwnQ6+0kibA
Date: Tue, 11 Jul 2023 13:41:29 +0000
Message-ID: <bc85c30c6799454a89c424f8550f0ab3@huawei.com>
References: <CA+tYtvHQF7s3e-740jqjB0XEJp8OKin3xav6kheag00b1p6w1g@mail.gmail.com>
In-Reply-To: <CA+tYtvHQF7s3e-740jqjB0XEJp8OKin3xav6kheag00b1p6w1g@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.206.215.38]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/43p7ByLDdQYWVn7eIEPdDVue9Ks>
Subject: Re: [Pearg] draft-irtf-pearg-safe-internet-measurement review, implied consent
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2023 13:41:37 -0000

Hello, 

Just a quick remark:

## implied consent

[...]
Similarly, under European and similar data protection law, consent isn't universal, it's not that every data processing takes place with some kind of consent, but rather that you need informed consent when something of a particular weight is happening and there isn't another justification and in other cases it's reasonable for you to do the processing without getting consent (because it's not personal data, say), not that you did have some implied consent.
[...]

Under the GDPR, the implicit answer to the collection or use of data generated by the user is "Not consent". There is no such a thing as implicit consent. Either you explicitly consent, or you don't (see https://gdpr.eu/article-7-how-to-get-consent-to-collect-personal-data/). Article 6 of the GDPR gives some cases in which consent is not required, but you need to demonstrate that you fall under one of those cases.

Best regards,

Antoine Fressancourt

v2.23.0 | Report a Bug | By Email