W3C home > Mailing lists > Public > public-tracking-commit@w3.org > February 2013

CVS WWW/2011/tracking-protection/drafts

From: CVS User jbrookma <cvsmail@w3.org>
Date: Tue, 12 Feb 2013 21:58:47 +0000
Message-Id: <E1U5NsF-0001EB-95@gil.w3.org>
To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv4719

Modified Files:
Log Message:
update deidentified, removed service provier from 6.2 header

--- /w3ccvs/WWW/2011/tracking-protection/drafts/CambridgeBareBones.html	2013/02/08 22:40:13	1.4
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/CambridgeBareBones.html	2013/02/12 21:58:47	1.5
@@ -637,50 +637,21 @@
     <section id="def-unlinkable">
-      <h3>Unlinkable Data</h3>
+      <h3>Deidentified Data</h3>
-      <p class="note">
-        There is debate about whether to use the terms unlinkable, unlinked,
-        or deidentified to describe this type of data.
-      </p>
+	  <p>Data is <dfn>deidentified</dfn> when a party:<br>
+	  (1) has taken measures to ensure with a reasonable level of
+	  justified confidence that
+	  the data cannot be used to infer information about,
+	  or otherwise be linked to, a particular consumer, computer,
+	  or other device;<br>
+	  (2) does not to try to reidentify the data; and<br>
+	  (3) contractually prohibits downstream recipients from trying to re-identify the data. 
+	  </p>
       <p class="note">JMayer would like an option that limits use of
       unlinkable data, but that should be in the compliance sections.</p>
-      <section class="option">
-        <h4>Option 1: Unlinkable in Ordinary Course of Business</h4>
-        <p>
-          A party render a dataset <dfn>unlinkable</dfn> when it<br>
-          1. takes [commercially] reasonable steps to
-          de-identify data such that there is high probability that it contains
-          information which could not be [reasonably] linked to a specific user, user
-          agent, or device [in a production environment]<br>
-          2. publicly commits to retain and use the data in unlinkable
-          fashion, and not to attempt to re-identify the data<br>
-          3. contracually prohibits any third party that it transmits the
-          unlinkable data to from attempting to re-identify the data.<br><br>
-		  Parties SHOULD provide transparency to their delinking process (to the
-          extent that it will not provided confidential details into security
-          practices) so external experts and auditors can assess if the steps
-          are reasonably given the particular data set.
-        </p>
-      </section>
-      <section class="option">
-        <h4>Option 2: Unlinkable Data</h4>
-        <p>
-          A dataset is <dfn>unlinkable</dfn> when there is a high probability
-          that it contains only information that could not be linked to a
-          particular user, user agents, or device [by a skilled analyst]. A
-          party renders a dataset unlinkable when either:<br>
-          1. it publicly publishes information that is sufficiently detailed
-          for a skilled analyst to evaluate the implementation, or<br>
-          2. it ensures that the dataset is at least 1024-unlinkable.
-        </p>
-      </section>
     <section id="def-network-transaction">
@@ -1091,8 +1062,7 @@
     <section id="permitted-uses">
-      <h3>Permitted Operational Uses for Third Parties and Service
-      Providers</h3>
+      <h3>Permitted Operational Uses for Third Parties</h3>
       <p class="note">
         These are options that have been discussed in the group. While many
Received on Tuesday, 12 February 2013 21:58:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:48:56 UTC