Industry Amendment Clarifications as Promised on July 10 W3C WG Weekly Call

Dear Colleagues:
As promised on the July 10 W3C WG call, Industry presents the following modifications and new amendments to provide the requested clarifications regarding these areas.

Amendment # 1:

For the purposes of this specification, dData is deidentified when a party:

1.  has taken reasonable steps to ensure that the URL data across websites or Unique ID cannot reasonably be re-associated or connected to a specific user, computer, or device without the use of additional data that is subject to separate and distinct technical and organizational controls to ensure such non-attribution, or when such attribution would require a disproportionate amount of time, expense, and effort;

2.  has taken reasonable steps to protect the non-identifiable nature of data if it is distributed to non-affiliates third parties and obtain satisfactory written assurance that such entities third parties will not attempt to reconstruct the data in a way such that an individual may be re-identified and will use or disclose the de-identified data only for uses as specified by the entity original party.

3.  has taken reasonable steps to ensure that any non-affiliate third party that receives de-identified data will itself ensure that any further non-affiliate third parties entities to which such data is disclosed agree to the same restrictions and conditions.

4.  will commit to not purposely sharing this deidentified data publicly.

Non-normative text: The commitment to not purposely share deidentified data does not include reports on deidentified data.

Data is delinked when a party:

1. has achieved a reasonable level of justified confidence that data has been de-identified and cannot be internally linked to a specific user, computer, or other device within a reasonable timeframe;

2. has taken reasonable steps to ensure that data cannot be reverse engineered back to identifiable data without the need for operational or administrative controls.

Amendment # 4 (new):

[Section 5 paragraph 3]

Outside the permitted uses, or de-identification, or uses not included within the definition of “Tracking,” the third party MUST NOT collect, retain, or share network interaction identifiers data that identify the specific user, computer, or device. 

Amendment # 5 (new):

The industry supports adding the audience measurement language that has been discussed and revised with several participants and submitted by Esomar to the permitted uses section, 5.2.

Amendment # 6 (new):

Non-normative language for the definition of “Tracking”:

<non-normative>

It is contemplated there will be significant discussion about what activities constitute Tracking and its inverse, Not Tracking.  This text explores some of the possible areas that could be considered the latter, Not Tracking. 

The operative section of the Tracking definition is the linkage between unique identifiers (users/devices) and activity across non-affiliated web sites (for discussion's sake, this will be referred to as URLs but it should be clear more than URLs may qualify as activity).  To achieve “Not Tracking” one could conceive of methods that appropriately separate these two dimensions of Tracking: Unique IDs and URLs. 

One possible method could be called Aggregate Scoring.  In Aggregate Scoring, the goal is to retain the Unique ID and aggregate away associated URLs, replacing them with an aggregate interest score - something that cannot be reverse engineered back to the original URL.  For example, Cookie ID 123456789ABCD views http://www.ford.com/2013/trucks/F-150?uid=123 could be aggregated to an interest score associated with the Cookie ID becoming “Cookie ID 123456789ABCD has an interest score of 4 in Offline Vehicles”.

It is difficult to provide prescriptive measures of what would constitute “enough” aggregation or other processing to ensure the user’s browsing history cannot be reverse engineered from the retained data. However, some examples could include, but are not limited to, using minimum numbers of URLs that would constitute an aggregate and/or looking at establishing a minimum number of users qualifying for a particular aggregate score before that score is exercised in production.  Other approaches are possible, however, to reach the desired end result, which is non-retention of users’ browsing history.

Further, it is strongly suggested organizations provide users transparency into these activities and provide control options for users to disallow activities such as Aggregate Scoring if the user so desires.

</non-normative>

Best regards,

Jack

Jack L. Hobaugh Jr
Network Advertising Initiative | Counsel & Senior Director of Technology 
1634 Eye St. NW, Suite 750 Washington, DC 20006
P: 202-347-5341 | jack@networkadvertising.org

Received on Friday, 12 July 2013 21:57:36 UTC
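
An added illustration of the Aggregate Scoring approach described in the non-normative text above; it is not part of the original message and is not NAI or W3C code. The host-to-category table, both thresholds, the 1-to-5 score scale and the reading of "a particular aggregate score" as a (category, score) pair are assumptions, and the events are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Hypothetical host-to-category taxonomy (assumption, not from the message).
CATEGORY_BY_HOST = {
    "www.ford.com": "Offline Vehicles",
    "www.example-trucks.test": "Offline Vehicles",
    "www.example-recipes.test": "Cooking",
}
MIN_URLS_PER_AGGREGATE = 3  # assumed: fewer page views produce no score at all
MIN_USERS_PER_SCORE = 2     # assumed: a score held by fewer users is suppressed
MAX_SCORE = 5               # assumed coarse scale, caps how much a score reveals

# Constructed sample events: (cookie_id, url)
CONSTRUCTED_EVENTS = (
    [("123456789ABCD", f"http://www.ford.com/2013/trucks/F-150?uid={i}") for i in range(4)]
    + [("COOKIE-B", f"http://www.example-trucks.test/model/{i}") for i in range(4)]
    + [("COOKIE-C", f"http://www.example-recipes.test/r/{i}") for i in range(3)]
    + [("COOKIE-D", f"http://www.ford.com/2013/cars/{i}") for i in range(2)]
)

def aggregate_scores(events):
    """Return {cookie_id: {category: score}}; URLs are read once and never stored."""
    counts = defaultdict(Counter)
    for cookie_id, url in events:
        category = CATEGORY_BY_HOST.get(urlsplit(url).hostname)
        if category is not None:
            counts[cookie_id][category] += 1  # only the category survives

    # Minimum number of URLs before an aggregate exists for a user
    scores = {}
    for cookie_id, per_category in counts.items():
        kept = {c: min(MAX_SCORE, n) for c, n in per_category.items()
                if n >= MIN_URLS_PER_AGGREGATE}
        if kept:
            scores[cookie_id] = kept

    # Minimum number of users sharing a (category, score) before it is used
    cohort = Counter((c, s) for per in scores.values() for c, s in per.items())
    released = {}
    for cookie_id, per in scores.items():
        kept = {c: s for c, s in per.items()
                if cohort[(c, s)] >= MIN_USERS_PER_SCORE}
        if kept:
            released[cookie_id] = kept
    return released

if __name__ == "__main__":
    print(aggregate_scores(CONSTRUCTED_EVENTS))
```

COOKIE-C is dropped because it is the only user with its score, and COOKIE-D because it has too few URLs to form an aggregate.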