Yup. And that's why OpenID Connect refers to "conditions for processing" per UK ICO. Not to mention, we have discussed these in the WG as well.
2013/12/19 Josh Howlett <josh.howl...@ja.net> > > > >There are a lot of contexts where consent is problematic to obtain, > >where people simply click right through informed consent prompts, > >and/or where obtaining consent is directly against the public interest > >(e.g., public health monitoring of disease would not work very well if > >folks could opt-out of such data sharing). I say this because this is > >a big difference between the US and EU views on privacy regulation, > >with the EU favoring explicit, informed consent pretty heavily. I > >think the US view is less coherent, but would probably be > >characterized as "consent or opt-in is required for especially > >sensitive contexts, demographics, and data types". > > In the EU, consent can be used as a legal grounds for data processing, but > it is not the only one, nor is there any preference given to it over the > other six grounds. If anything there has been a tendency to use one of the > other grounds, because it can be difficult to implement in practice. > > "If incorrectly used, the data subject¹s control becomes illusory > and consent constitutes an inappropriate basis for processing." > > > ( > http://ec.europa.eu/justice/data-protection/article-29/documentation/opini > on-recommendation/files/2011/wp187_en.pdf) > > Josh. > > > Janet(UK) is a trading name of Jisc Collections and Janet Limited, a > not-for-profit company which is registered in England under No. 2881024 > and whose Registered Office is at Lumen House, Library Avenue, > Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 > > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ ietf-privacy mailing list ietf-privacy@ietf.org https://www.ietf.org/mailman/listinfo/ietf-privacy
