RE: ACTION-371: text defining de-identified data from Rob van Eijk on 2013-03-13 (public-tracking@w3.org from March 2013)

From: Rob van Eijk <rob@blaeu.com>
Date: Wed, 13 Mar 2013 16:28:15 +0100
To: Shane Wiley <wileys@yahoo-inc.com>
Cc: <public-tracking@w3.org>
Message-ID: <a83350abe47497f7917818470c980fa2@xs4all.nl>
Hi Shane,

I hear you and understand your position. But unlinkable and 
de-identified are not mutual exclusive. Unlinkable data is a subset of 
de-identified data, they just go through another step of scrubbing).
Adding it to the list is not hurting your position.

The key towards the middle ground remains data retention, which has to 
be proportionate to the purpose.

Rob

Shane Wiley schreef op 2013-03-13 16:13:
> Rob,
> 
> I thought we had agreed to not mix the "unlinkable" term with
> "de-identified" here.  In our discussions in Boston it appeared there
> was general agreement that unlinkability in a step beyond
> de-identified.  Once a record has been rendered de-identified, it can
> later further be made unlinkable (using your definition of unlinkable
> vs. the one I proposed).  This is a significant sticking point for
> those of use attempting to find middle-ground here so hopefully we can
> document the details in non-normative text but I'd ask that we remove
> mention of unlinkable in the definition of de-identified at this time
> (or else we've not really moved forward in this discussion in my
> opinion).
> 
> - Shane
> 
> -----Original Message-----
> From: Rob van Eijk [mailto:rob@blaeu.com]
> Sent: Wednesday, March 13, 2013 5:57 AM
> To: public-tracking@w3.org
> Subject: RE: ACTION-371: text defining de-identified data
> 
> Dan, Kevin,
> 
> I would really want the unlinkability in there as well. I propose to
> add the text:  made unlinkable
> 
> Normative text: Data can be considered sufficiently de-identified to
> the extent that it has been deleted, made unlinkable, modified,
> aggregated, anonymized or otherwise manipulated in order to achieve a
> reasonable level of justified confidence that the data cannot
> reasonably be used to infer information about, or otherwise be linked
> to, a particular user, user agent, computer or device.
> 
> 
> In terms of privacy by design, de-identification through
> unlinkability is the strongest form of de-identtification IMHO.
> 
> Rob
> 
> Kevin Kiley schreef op 2013-03-12 19:03:
>> Dan,
>> 
>> In case I wasn't being clear in my last post, I (personally) believe
>> that
>> 
>> User-agent should *NOT* be removed from the proposed text.
>> 
>> I actually don't think it would do any harm to *ADD* the word
>> 'Computer'
>> 
>> as well ( which is present in the current FTC definition ) so it 
>> reads
>> like this…
>> 
>> Normative text:
>> 
>> Data can be considered sufficiently de-identified to the extent that
>> it
>> 
>> has been deleted, modified, aggregated, anonymized or otherwise
>> 
>> manipulated in order to achieve a reasonable level of justified
>> 
>> confidence that the data cannot reasonably be used to infer
>> information
>> 
>> about, or otherwise be linked to, a particular user, user agent,
>> computer or device.
>> 
>> I think that covers it pretty well, and *NO* 'clarifying text' is
>> necessary.
>> 
>> Just my 2 cents.
>> 
>> Kevin Kiley
>> 
>> Previous message(s)…
>> 
>> Dan,
>> 
>> Perhaps you can add text clarifying this perspective or, much like 
>> the
>> FTC, suffice with "device" which I believe more than covers what
>> you're looking for here.
>> 
>> - Shane
>> 
>> From: Dan Auerbach [mailto:dan@eff.org]
>> 
>> Sent: Tuesday, March 12, 2013 8:57 AM
>> 
>> To: public-tracking@w3.org
>> 
>> Subject: Re: ACTION-371: text defining de-identified data
>> 
>> Shane and Kevin -- The phrase "user agent" in the text is intended to
>> refer to a particular user agent (not "Chrome 26" but rather "the
>> browser running on Dan's laptop". I hoped that would be clear from
>> context, but if it's not we can clarify. I may not be able to 
>> identify
>> your device per se, but can identify that this is the same browser as
>> I saw before. I think this is the case with using cookies, for
>> example. It seems more accurate to me than lumping it all under
>> "device", and appropriate since the text of our document is elsewhere
>> focused on user agents, unlike the FTC text.
>> 
>> Best,
>> 
>> Dan
>> 
>> On 03/12/2013 12:19 AM, Kevin Kiley wrote:
>> 
>>>> Shane Wiley wrote...
>> 
>>>> I had removed "user agent" in the suggested edit as this could be
>>>> something as generic as "Chrome 26".
>> 
>> It can also be something VERY specific... and tell you a LOT about 
>> the
>> Computer/OS/Device being used.
>> 
>> In the case of Mobile... it will pretty much tell you EXACTLY what
>> 'Device' is being used.
>> 
>>>> The FTC likewise does not use "user agent" in their definition.
>> 
>> That's true... but BOTH definitions (W3C and FTC) currently mention
>> 'Device'... and the FTC
>> 
>> reports go to great lengths about how important it is to exclude any
>> knowledge of 'the Device'
>> 
>> from the de-identified data ( especially in the case of 'Mobile
>> Devices' ).
>> 
>> Kevin Kiley
Received on Wednesday, 13 March 2013 15:28:49 UTC