Closed polcak closed 6 months ago
I believe the intent is to note that while some processing may be legal in some jurisdictions with consent, constantly asking users for consent for unnecessary processing is just putting an undue burden on them.
The introduction (including 1.1.2) doesn't get into the recommendations or principles much, but 2.2 (Data Minimization), 2.5 (Data Rights), 2.7 (Collective Privacy), and 2.12 (Consent) go into more detail on how to design appropriate use of data without burdening individual users with more privacy labour.
Some legal requirements on data processing such as GDPR allow processing after consent (see for example https://curia.europa.eu/juris/liste.jsf?num=C-673/17, https://curia.europa.eu/juris/liste.jsf?num=C-61/19 how such consent looks like) which might be the only option for some types of processing (see for example https://curia.europa.eu/juris/liste.jsf?num=C-252/21, especially replies to questions 3-5 and related recitals).
However, it seems to me that the text of 1.1.2 promotes processing without obtaining consent to remove the labour from the user. The text highlights that FIPs were created in 1970s but it does not provide any alternative.
In my opinion the text needs to clarify:
This issue is likely related to #273. I think that moving the discussion of privacy labour to processing section might improve the comprehensibility and possibly address the two issues in a better shape.