RE: [ISSUE-31] Minimization -- to what extent will minimization be required for use of a particular exemption?

What Nick said... :)

This was in the context of 3rd party data protection where they were looking for 1st party data use rights (3rd party as a 1st party).  The concepts of minimization and technical protections crossed in this conversation and the open question emerged:  does minimization allow for a particular exemption?  One example was data aggregation (time frame between raw and aggregated was debated).  Does aggregation provide an exemption to the DNT signal (for example, for a ComScore or Nielsen to provide web-wide aggregate reporting to the world)?

- Shane

From: Nicholas Doty [mailto:npdoty@w3.org]
Sent: Monday, December 12, 2011 3:43 PM
To: Kevin Smith
Cc: public-tracking@w3.org; Shane Wiley
Subject: Re: [ISSUE-31] Minimization -- to what extent will minimization be required for use of a particular exemption?

On Dec 12, 2011, at 2:09 PM, Kevin Smith wrote:
Apparently Shane said: "do you get exemptions by using particular technical implementations?"
Which Nick interpreted and created the issue:" Minimization - to what extent will minimization be required for use of a particular exemption? (conditional exemptions)"
Shane, Nick, or anyone else?  Do you remember this conversation?  Can you tell me what the underlying issue or question was?  Nick, what do you mean by minimization?  Collecting as little data as possible??

I think "data minimization" is generally considered to be the technique of collecting little data (or less specific data) or retaining less data (or less specific data, or for less time) in order to decrease privacy risks. In location privacy, we often give the example of storing only the zip code rather than precise latitude/longitude as a data minimization technique.

The relevant text from the minutes (http://www.w3.org/2011/09/21-dnt-minutes.html) seems to be this:
Jonathan: Minimization... in some cases privacy concern might be minimal, but in many cases lots of tech apporaches
... to what extent so we want to recommend tech / nice tech?
... broad exceptions yet some tech might be better for implementing them?
... frequency capping eg, we are NOT going to allow it in .... but may be allow it in this other case, where minimization makes a difference
Peter: The technical conditional nature of exemption
Aleecia: Is it reasonable for us to only have exemption only based on the tech they use?

I think the general idea being, are there exemptions to a Do Not Track preference when a particular technique is being used for minimizing data? What kind of recommendations should the specification make on minimization techniques and what effect will the particular technique have on the requirements put on a tracking server?

Hope this helps,
Nick

Received on Monday, 12 December 2011 22:51:30 UTC