Hi Peter,
On 15.03.21 20:07, Peter Schober wrote:
> * Bernd Oberknapp <bo@ub.uni-freiburg.de> [2021-03-15 19:53]:
>> The point is that we cannot force users to consent to releasing PII
>> (like a pairwise-id/eduPersonTargetedID) that isn't necessary (if
>> the user doesn't want to use the personalization) and deny access to
>> resources necessary for their studies or research if the users don't
>> give their consent - that again wouldn't be free and informed
>> consent.
>
> Maybe my issues with the paragraph above are due to merely phrasing
> things in an unfortunate way (I'm not discounting the possibilty that
> we all agree on these issues), but not knowing that for sure all I
> have to go on is what's written above. To which I'll say this:
>
> You can't ever "force users to consent", obviously.
> (You can certainly ask them to consent, though. Unless consent is not
> the legal basis for processing, see below.)
> And asking for consent in cases where the processing "isn't necessary"
> is exactly the right case to be asking for consent, IMO.
> Vice versa, asking for consent to processing that's necessary
> (e.g. GDPR Art. 6 1 b) is wrong anyway, then the legal bases is not
> consent and you shouldn't give the impression it is by asking for it.
the wording was indeed unfortunate. What I was trying to say is that if
consent is used as a legal basis, the user must have a choice to not
release the attribute and still get access to the resource (or have an
comparable alternative to the institutional login), and that using a
different legal basis might be difficult.
Best regards,
Bernd
--
Bernd Oberknapp
Gesamtleitung ReDI
Albert-Ludwigs-Universität Freiburg
Universitätsbibliothek
Platz der Universität 2 | Postfach 1629
D-79098 Freiburg | D-79016 Freiburg
Telefon: +49 761 203-3852
Telefax: +49 761 203-3987
E-Mail: bo@ub.uni-freiburg.de
Internet: www.ub.uni-freiburg.de
_______________________________________________
FIM4L mailing list
FIM4L@lists.daasi.de
http://lists.daasi.de/listinfo/fim4l