Re: June Change Proposal, de-identified

I strongly object to this change, and it is far removed from the discussion we have had on this issue over the last several months.  It would, in fact, completely supersede the discussion we have had on audience measurement, as *any data* could be retained for *any purpose* so long as it would pseudonymized (e.g., not associated with PII).  Some iteration of red/yellow/green would be preferable to this option, but I still think NO CHANGE is appropriate for the deidentification language.
  _____  

From: Roy T. Fielding [mailto:fielding@gbiv.com]
To: public-tracking@w3.org Mailing List [mailto:public-tracking@w3.org]
Sent: Wed, 26 Jun 2013 04:16:25 -0500
Subject: June Change Proposal, de-identified

This is ISSUE-188
  
  The definition of de-identified does not capture the discussion
  we had on list regarding anonymous data and the unnecessary
  burden of contracts.  It also uses old terms like "consumer"
  and "computer" that we don't need, and is phrased in terms of
  the process of de-identification (what a party must do) rather
  than the state of the data after de-identification has completed.
  
  Existing text in Sec 2.8:
  ============================
  Data is deidentified when a party:
  
   1. has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device;
   2. commits to try not to reidentify the data; and
   3. contractually prohibits downstream recipients from trying to re-identify the data.
  ============================
  
  
  Replacement:
  ============================
  A data set is considered de-identified when there exists a reasonable level of justified confidence that the data within it cannot be used to infer information about, or otherwise be linked to, a particular user.
  ============================
  
  ....Roy