Privacy/TPWG/Compliance Last Call Comments

editorial

• editorial corrections/suggestions from timeless
• internationalization question about Accept-Language header

interaction with laws/regulations

Art 29:

• suggests "This specification does not override regulatory terminology, and as such, compliance with this specification does not mean compliance with the law and/or regulations."
• interpretation of DNT:0 (Art 29)
• suggests in de-identification "In cases where the process of de-identification of (personal) data is not properly assessed against privacy risks and the possibility of identification of users cannot be excluded, compliance with this specification does not mean compliance with other legislative law and/or regulations."
• suggests in out-of-band consent: "Out of band consent MUST be obtained in an unambiguous manner and specific to the intended purpose. Data collected with out of band consent MUST only be used for that specified purpose."
• covering collection as well as use and sharing [isn't this already included?]

first and third party interactions

• covering 1st party interactions Markey, Barton, Franken on 1st party interactions
• Turn Inc. re-iterates comments from others on 1st/3rd distinction
• EFF recommends by sub-domain rather than 1st/3rd distinction

permitted uses

• EFF raises concerns about permitted uses:
  • specific mechanisms (fingerprinting, super cookies)
  • frequency capping and billing auditing
  • reasonableness standard about retention

uncategorized

• graduated response normative language
• Senators Markey and Franken and Rep. Barton for default DNT:1
• Turn Inc. repeats all comments from TPE Last Call
• EFF questions word count