search

Data-Protection-Control / ADPC

Advanced Data Protection Control (ADPC) is a mechanism to communicate data subjects' (users') consent and privacy decisions with data controllers (service providers).
http://dataprotectioncontrol.org
Mozilla Public License 2.0
48 stars 6 forks source link

URI change in standardized consent requests #21

Closed Victor-Morel closed 2 years ago

Victor-Morel commented 2 years ago

In Section 6.1, a standardized consent requests seems to be subject to URI modifications without further considerations. I'm wondering whether this can be an issue, or if the assumptions behind the protocol are enough.

gb-noyb commented 2 years ago

I am not sure what exactly you mean with “subject to URI modifications”, but it may help to note that the URI is merely used as a globally unique identifier, and need not actually be a resolvable URL — which might have been your assumption? This approach is borrowed from ‘Linked Data’ and the ‘Semantic Web’, and for many (possibly valid!) concerns with this approach you may find plenty of relevant discussion in the LD & SW communities; some of the concerns could however be worth revisiting in context of ADPC, especially as the legal significance of signals may influence the problems and trade-offs involved.

Victor-Morel commented 2 years ago

I think you answered my question, which could be reformulated/understood as "is it okay to refer to a string (the URI) if its value (the URL you resolve in the end) can change", since it doesn't have to be a resolvable URL and it's more of a UUID. There may be new problems due to legal consideration indeed, but now the issue can be closed