abebis
commented
3 years ago Neither of these exemptions would seem to apply to the storage of ad-click data
Compared to the "Directive", the current draft of the ePrivacy Regulation adds exceptions for situations with very "limited intrusion of privacy", that could potentially be applied to PCM.
Exceptions to the obligation to obtain consent to make use of the processing and storage capabilities of terminal equipment or to access information stored in terminal equipment should be limited to situations that involve no, or only very limited, intrusion of privacy.
This is a purely legal rather than technical issue, but should be flagged.
The European ePrivacy Directive requires prior user consent for browser storage access, unless the access or storage is for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service. This applies to storage of any data, not just personal data.
Neither of these exemptions would seem to apply to the storage of ad-click data, which would be triggered by a site placing the PCM adorned anchor tag and the user clicking on it. To comply with existing law the user would have to be prompted for agreement on clicking the link.
On the other hand PCM would be a great help in improving user privacy and data protection, so an exemption for its implementation should be uncontroversial.
Hopefully engaged regulators/policy folk can address this.