But there is a need for clarification here for the most often encountered consent case: web sites.
Basically the regulation could say: you must have consent to collect data, but you must ALSO observe specific standardized method X of of blanket disallowing all consent in specific contexts. For example, "if do-not-track is used in a web browser, then the user should not be shown a consent dialog but instead provided the service as if they had rejected the consent dialog".
I realize that regulators (for good reason!) are very reluctant to specify specific technologies. It's not their home turf, and it's likely to be quickly outdated. But I'm ready to accept that this would be a time when there is a good reason to make an exception to that rule.
I sort of agree with you on that. I guess I'd like to see it not in the main body of the regulation, but as an additional law/regulation/addendum that reflects the current state.
But there is a need for clarification here for the most often encountered consent case: web sites.
Basically the regulation could say: you must have consent to collect data, but you must ALSO observe specific standardized method X of of blanket disallowing all consent in specific contexts. For example, "if do-not-track is used in a web browser, then the user should not be shown a consent dialog but instead provided the service as if they had rejected the consent dialog".
I realize that regulators (for good reason!) are very reluctant to specify specific technologies. It's not their home turf, and it's likely to be quickly outdated. But I'm ready to accept that this would be a time when there is a good reason to make an exception to that rule.