W3C home > Mailing lists > Public > public-p3p-spec@w3.org > May 2003

Re: potential requirement/guidelines on acceptable Purpose / Cate g ory combinations

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 20 May 2003 18:58:37 +0200
To: "Dobbs, Brooks" <bdobbs@doubleclick.net>
Cc: "'Humphrey, Jack'" <JHumphrey@coremetrics.com>, "'public-p3p-spec@w3.org '" <public-p3p-spec@w3.org>
Message-ID: <20030520165837.GG1847@localhost>

Brooks, 

linked means every data linked to every unique id transmitted. In your
example, you create confusion with two unique id's namely cookie and
loyalty #. If both are linked, they also link to all data that is
attached to both unique id's.  (logical or)

What you _do, is drawing conclusions from data declarations to usages and
vice versa. Those heuristics might be useful for a user agent. But I
don't want to prohibit people to say: We collect a whole lot of stuff,
but we don't use it (no purpose attached). 

Such a declaration would be a direct breach of the Data Protection
Directive as you collect things for the sake of collecting ;)

So data-collection declaration yes, but I don't yet understand the
(problematic) link to the purpose declaration (other than as a complaint
about our poor set of purposes)

Best, 

Rigo

On Tue, May 20, 2003 at 10:29:53AM -0400, Dobbs, Brooks wrote:
> 
> Okay we are closer but not quite there.  The requirement is "linked" not
> "used".  If you use it or not you still need to declare it (what stops you
> in the future?).  What my initial point is, is if you in fact USE it, it is
> prima facie evidence that you have it linked.
> 
Received on Tuesday, 20 May 2003 12:58:46 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:24 EST