W3C home > Mailing lists > Public > public-p3p-spec@w3.org > July 2003

Re: [Bug 167] explanation of identified, identifiable, and linked

From: Rigo Wenning <rigo@w3.org>
Date: Mon, 21 Jul 2003 11:23:36 +0200
To: Ari Schwartz <ari@cdt.org>
Cc: public-p3p-spec@w3.org
Message-ID: <20030721092335.GN1106@rigo.w3.org>

On Fri, Jul 18, 2003 at 02:15:23PM -0400, Ari Schwartz wrote:
> 
> Hi Rigo,
> 
> My definitions were not meant to be from a US cultural perspective. 
> In fact, if I understand them correctly, your definitions are much 
> closer to the experience (legal interpretations) of the US Privacy 
> Act of 1974 then mine are.

Ok, that makes sense as the Act of 1974 was in concerto and in sync with
the development in Europe. It only touches the public sector, but the
definitions of scope (identifiable in our case) are still the same.
> 
> The reason that I strayed from this view is because of the use of 
> relational databases.  A data collector may create a system where 
> fields are not searched at the time of collection but the person is 
> still generally identified within the system.

That is exactly the point. Initially, data protection in national
legislations did _not_ apply to paper-collections. The Directive extends
the scope to well-organized paper-collections. 

The parallel I see is the distinction between raw logfile data and data
organized in a relational database. A simple cross-reference of the
tables would link a lot of data to someone's identity. This is much
harder to do for raw logfiles where you'd have to resolve all the
pseudonyms (like IP etc), chase for ID's in refererrers and re-organize
the raw data in a relational database (or in RDF). 

In a relational database, I consider the identifying already be done as
soon as there is a link to some identity qualifier like name, address,
Social security number, email-address etc. 

I don't want to explore the fuzzy edge between pseudonyms and
'identified' here, as this is another potential rathole. But if a
company had good profile-data in a well-organized relational database
tied to a pseudonym and the same company would have the ability to
resolve that pseudonym to the real name of a person without external
data and help, I would consider this identified as the decision of
identifying (purpose, processing) lies in their hands unless there are
specific means to prevent the identification of a pseudonym (third party
e.g.)

> 
> My understanding from Europe was that different countries were 
> interpreting this differently and it hadn't been worked out.  If you 
> can point to some definitive writing on this subject, I'd definitely 
> like to see it.

No, I don't think so. In fact, the commission just decided to follow-up
with every diverging definition and remedy the situation so that laws
are more homogenius. I will verify, but you could help me by giving me a
more concrete example of what you mean by diverging interpretations. (I
think the variety is more on the side of permissions than on the side of
scope and definition of identity and identifiable)

Best, 

Rigo

> 
Received on Monday, 21 July 2003 05:26:27 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:26 EST