[wp-trac] [WordPress Trac] #44043: Framework for logging/retrieving a users consent state
WordPress Trac
noreply at wordpress.org
Tue May 22 10:30:32 UTC 2018
#44043: Framework for logging/retrieving a users consent state
------------------------------------+------------------------------
Reporter: cookiebot | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: trunk
Severity: normal | Resolution:
Keywords: gdpr 2nd-opinion close | Focuses:
------------------------------------+------------------------------
Comment (by xkon):
@gisle afaic the ePD was going to be updated as well in 25 along with GDPR
but it is unlikely to happen, so we can't know for sure their new ways of
dealing with cookies especially ( I might be totally wrong but that's what
I know from lawyers and non-lawyers on this matter).
Apart from that though as seen reading the LB for processing (
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-
regulation-gdpr/lawful-basis-for-processing/ ) and as seen in
http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=623051
Quote from the europa.eu document -> Page 17:
> In any event, consent must always be obtained before the controller
starts processing personal data for which consent is needed. WP29 has
consistently held in previous opinions that consent should be given prior
to the processing activity.44 Although the GDPR does not literally
prescribe in Article 4(11) that consent must be given prior to the
processing activity, this is clearly implied. The heading of Article 6(1)
and the wording “has given” in Article 6(1)(a) support this
interpretation. It follows logically from Article 6 and Recital 40 that a
valid lawful basis must be present before starting a data processing.
Therefore, consent should be given prior to the processing activity. In
principle, it can be sufficient to ask for a data subject’s consent once.
However, controllers do need to obtain a new and specific consent if
purposes for data processing change after consent was obtained or if an
additional purpose is envisaged.
I think it's clear that you do need consent first and then start
processing the data ( not always of course as it depends on the situation
).
One extra example I can give from the coding world is Google AMP project
as it's adding a consent component similar to the discussion that you
could basically put let's say for example the analytics scripts 'on hold'
until the user gives his consent to track him.
Now if we take into account that pretty much everybody is using analytics
which in it's own way is tied to re-marketing and anything else that
Google adds behind the scenes. A consent is pretty much mandatory and
should be used pretty much everywhere beforehand the way I see it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44043#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list