W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Aggregate Reporting Summary

From: Rob Sherman <robsherman@fb.com>
Date: Fri, 22 Jun 2012 00:41:10 +0000
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <CC090D35.FDC1%robsherman@fb.com>
Here’s a summary of today’s small-group discussion around AGGREGATE REPORTING.  The notes are individual and not attributed; but they don’t reflect the views of everyone who participated.
*          *          *
Summary:

·      Linkable data can be retained for a specified period (the group discussed one month but no firm resolution) for aggregatereporting.

·      A party can use data in linkable form for a longer period if retention of the data is already necessary for another permitted use.

·      No limit on subsequent reporting based on unlinkable data.

·      Some in the group expressed a concern about whether this creates a competitive imbalance that favors advertising companies (which have longer-term audit requirements) as compared to pure analytics companies.

*          *          *

·      Privacy concern about having linkable data retained for an indefinite/long period.  Businesses have an interest in being able to understand uses.

·      CDT proposal has a two-week retention period for identifiable information.  Consider expanding to one month or potentially longer.  Need to consider more about specific business needs.

o   What about research/audit?  Covered under other permitted uses.

·      Concern that there are different permitted uses with different time periods.  The reality is that you’re going to have the data in one area and implement restrictions to be sure that they’re used for a single purpose.

o   Want to avoid giving people incentive to inaccurately put things into multiple buckets.  Many in the group believe that legal/regulatory obligations can address this.

o   But if the information is available anyway and we can do great (privacy sensitive) things with it, we should.

o   Different purposes and businesses have different needs, so hard to establish hard limits.

o   Goal should be to promote data minimization driven by ensuring that security needs (as opposed to research needs) are fully protected.

·      Proposal: 30 days for aggregate reporting; data kept for a longer period can be used for aggregate reports as well, but need to produce aggregate reports is not in itself a reason for broader retention.

o   But this creates a competitive imbalance between companies that do advertising (and therefore need information for a longer period for audit) as compared to analytics companies (which do not have audit obligations).

·      Unlinkable data requirements:  no persistent identifier, no effort to reidentify, processors won’t reidentify.

o   (Discussion about whether unlinkability is really the right concept.)

o   Advocates’ concern relates to retention of non-unlinkable information..  We all agree that unlinkable is the endpoint, but the input has to be non-unlinkable.

o   Consensus proposal:  Specified period (30 days?) for aggregate reporting, but longer if needed for another permitted purpose.

o   Concern that we want to be sure we protect the ability of research companies like comScore to continue to operate:

§  Panel research is protected because of consent.

§  But census research may not be.  Need to understand this better.

·      Alternative proposal:  Stepwise approach where you have the raw data for X days; then siloed approach where data are keyed uniquely but only for a campaign (for example) not across the enterprise; and then after Y days fully unlinkable.


Rob Sherman
Facebook | Manager, Privacy and Public Policy
1155 F Street, NW Suite 475 | Washington, DC 20004
office 202.370.5147 | mobile 202.257.3901 | fax 202.280.1055
Received on Sunday, 24 June 2012 20:24:16 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:31 UTC