Harshvardhan Pandit
Harshvardhan Pandit
My preferred suggestion on signal conflict is always: it should be in the favour of the individual. So where conflicts occur, the resulting outcome should prefer the prohibition of personal...
In principle, yes this is what the law says. However, the notion of _ambiguity_ in ADPC is determined by ADPC itself via its behaviours and correctness/validity conditions. What it currently...
What do you mean by "website may not work properly ..."? If some service/functionality is conditional upon the consent, then it should not be activated/loaded until the consent has been...
@michael-oneill I disagree that ePrivacy Directive takes precidence over rules about processing of personal data, which would be GDPR. They are both applicable. Where it overlaps, both requirements have to...
More important, cookies by themselves are nothing but pieces of data. The ADPC relates to the _purposes_ of those cookies, i.e. advertising, tracking, personalisation. The website must be configured to...
I agree with the proposal and discussion (and also that IDs are problematic for tracking). However, I'm not clear whether `changed=1` needs to be declared only once/first-time, and if so...
Yes, the server can see the preferences in the request contents, but not _who has set those preferences_. So if a preference is changed (assume withdraw or permission set to...
Storing consent requests in `.well-known` will not work if the consent request is not uniform for all cases, but is specific for certain cases or individuals.
This depends heavily on legal obligations, so I'll stick to GDPR for my comment. If some data is collected and processed based on consent, and that consent has been withdrawn,...
No, you're right that ADPC doesn't indicate which consent was revoked, and there are discussions in other issues about this. To add to that limitation, ADPC also doesn't indicate what...