Child pages
  • DRAFT 2017-06-09 Meeting Notes (CR Legal)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Mark gave an overview of the document
  • Seeking to define a kind of code table or taxonomy to describe Purpose categories and sub-categories
  • Q: Is there currently an industry practice or standard for these purposes? A: No - typically too broadly stated
  • Rupert: the drafted list from CR spec is pretty good
  • Rachel: need to add age-related marketing purposes
  • The question of "Legitimate Interest"
    • Under GDPR, Direct Marketing does have a legitimate interest for use of PII
    • For Targeted Marketing, it implies that consent is required.
    • Rupert sees that these points lie on a spectrum
      • Believes that most orgs will end up using consent, even though there may be a case to be made to use 'legitimate interest'
    • David - this is intertwined with the PECR (Privacy in electronic communication Regulation) - there have been surprises -  http://www.legislation.gov.uk/uksi/2003/2426/contents/made
  • Advertising Fraud
    • in US the Digital Advertisers Alliance have a code of practice and definitions
      • they have defined 'Ad Delivery' - counting and fraud monitoring - a specific carve-out
      • For GDPR this carve out is not valid
    • There's a copy-paste European Digital Advertisers Alliance - same carve-out
    • Should 'Online Behavioural Advertising' be a legitimate interest? A: too broad and can be defined in any way
      • The current list of behaviours in the CR spec are relative to the particular stakeholders - which is the right approach. 
      • There are a specific list of stakeholder types in digital advertising - the only complexity might be if a party has more than one type - but then it might actually require multiple purposes
    • For Age-related - we should reference Article 8 (13 and under requires parental consent). Over 13 there are specific topics that have age bands - e.g. ads for lottery tickets.
      • Countries may choose the specific age trigger - UK going for U13
    • Perhaps there should be an 'Adult' age band for each of the purpose categories, then some for non-adults
      • Robert: this is a pattern for delegated grant of consent
      • Rupert - the conditionals probably apply in practice at the Purpose level

Action Items

  • Mark: Define a use case and work out the purpose categories. Work out the approach to developing the purpose categories.