You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[low priority/informational] usnat and usca both have a field called SensitiveDataProcessing with overlapping "sub options", but some of the overlapping "sub options" are grouped differently
#86
Open
matt-martin opened this issue
Jul 6, 2023
· 3 comments
(1) Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Racial or Ethnic Origin.
...
(2) Consent to Process the Consumer’s Sensitive Data Consisting of Personal Data Revealing Religious or Philosophical Beliefs.
...
(11) Consent to Process the Consumer’s Sensitive Data Consisting of Union Membership.
(4) Opt-Out of the Use or Disclosure of the Consumer's Sensitive Personal Information Which Reveals a Consumer's Racial or Ethnic Origin, Religious or Philosophical Beliefs, or Union Membership.
It's not an issue for me personally (and maybe it isn't an issue for anybody else either), but I'm wondering why these are represented as three separate choices in usnat, but lumped together as one choice in theusca section?
The text was updated successfully, but these errors were encountered:
Similarly confusing to me is the fact that the KnownChildSensitiveDataConsents field in the usnat section defines two flags:
(1) Consent to Process the Consumer’s Personal Data or Sensitive Data for Consumers from Age 13 to 16.
...
(2) Consent to Process the Consumer’s Personal Data or Sensitive Data for Consumers Younger Than 13 Years of Age.
Whereas the field with the same name in the usca section defines two totally different flags:
(1) Consent to Sell the Personal Information of Consumers Less Than 16 years of Age
...
(2) Consent to Share the Personal Information of Consumers Less Than 16 years of Age
It's entirely possible that I'm missing some obvious explanation for why these should be different, but at first glance these seem so different that I don't immediately know how to make sense of it. And more to the point, it makes me wonder if one (or both) are "incorrect" in some way I don't understand.
The usnat takes a highest bar approach across each state included in the GPP. Due to the definitions of individual state statutes, there is break out of the sensitive data categories/inputs.
In California, their structure matches the defintion in the state statute: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV§ionNum=1798.140. Cal Code defines the "(D) A consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership.", which is why the state section has this format specific for CA.
Similar application for the questions on known child sensitive data with the state vs. national section applicability.
In the spec for the US National section, the SensitiveDataProcessing field has separate flags for:
But in the spec for the California section, the SensitiveDataProcessing field combines all three of these into one:
It's not an issue for me personally (and maybe it isn't an issue for anybody else either), but I'm wondering why these are represented as three separate choices in
usnat
, but lumped together as one choice in theusca
section?The text was updated successfully, but these errors were encountered: