RE: issue-199

David,

Fair callouts, and it's exactly those activities that are prohibited in the Yellow Zone and require a blend of technical, operational, and administrative controls to reasonably achieve that outcome.

- Shane

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: Wednesday, July 10, 2013 11:48 AM
To: Shane Wiley
Cc: Mike O'Neill; 'achapell'; npdoty@w3.org; tlr@w3.org; public-tracking@w3.org; jeff@democraticmedia.org
Subject: Re: issue-199


On Jul 9, 2013, at 19:29 , Shane Wiley <wileys@yahoo-inc.com> wrote:

> Mike,
>  
> Deidentification is about removing the association between a unique ID (any source:  cookie, digital fingerprint, etc.) and the actual/specific user/device.  In this context:
>  
> Red:  actual user/device
> Yellow:  not actual user/device but events are linkable (and only usable for analytics/reporting)

I think that yellow data is fairly easily related to a user/device, isn't it, given that the same 'key' is consistently used for the same user/device?
a) if I get access to the association from the user/device to the key
b) if I know the algorithm to calculate the key from a transaction
c) if I can trigger the user into performing a 'tracer' transaction, and see which record that gets appended to
d) if I can look at the accumulated data and infer who it is, under some circumstances (geography, gender, and so on)

There are probably more.  It might be harder to identify them than if the user's obvious identifiers are in the record, but it's still a tracking record of a specific user/device.

So I agree, it's not until we get to green that we get out of scope:

> Green:  not actual user/device and events are not linkable (outside the scope of DNT)

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 10 July 2013 11:01:46 UTC