Re: questionnaire to gain more insight into industry stakeholder practices

Hello to the list:

Well, I goofed, but I hope in a way that shows that I am trying to help.

I meant to send something privately to Shane, asking for thoughts of how
to constructively move forward on getting responses to Dan's questionnaire.

For better or worse, you all can see how I wrote something that I thought
was to one person.  On re-reading this, I am entirely comfortable with the
contents of the email -- how can we get the highest-quality responses from
industry that will advance the process?

I welcome thoughts on that, both on list or just to me on background.

Best,

Peter



Professor Peter P. Swire
C. William O'Neill Professor of Law
    Ohio State University
240.994.4142
www.peterswire.net





-----Original Message-----
From: Peter Swire <peter@peterswire.net>
Date: Saturday, May 11, 2013 10:46 AM
To: Shane Wiley <wileys@yahoo-inc.com>, Dan Auerbach <dan@eff.org>,
"public-tracking@w3.org" <public-tracking@w3.org>
Subject: Re: questionnaire to gain more insight into industry stakeholder
 practices
Resent-From: <public-tracking@w3.org>
Resent-Date: Saturday, May 11, 2013 10:46 AM

>(just to Shane)
>
>Hi Shane:
>
>I appreciate very much your contributions to the F2F this week, on top of
>all the other work you have done with the WG.
>
>I'd be curious if you have any suggestions for how I can facilitate this
>part of the process concerning Dan's questionnaire.  I can imagine
>reluctance of companies to provide any sort of representation or warranty
>that they are disclosing fully on all of the dimensions of Dan's
>questions.  
>
>On the other hand, getting something useful about these topics will help
>us, I think, make progress on permitted uses and transparency procedures
>going forward.
>
>Your thoughts on what is workable for industry while also being responsive
>to Dan's line of inquiry?
>
>Thanks,
>
>Peter
>
>
>
>
>
>Professor Peter P. Swire
>C. William O'Neill Professor of Law
>    Ohio State University
>240.994.4142
>www.peterswire.net
>
>
>
>
>
>-----Original Message-----
>From: Shane Wiley <wileys@yahoo-inc.com>
>Date: Friday, May 10, 2013 7:45 PM
>To: Dan Auerbach <dan@eff.org>, "public-tracking@w3.org"
><public-tracking@w3.org>
>Subject: RE: questionnaire to gain more insight into industry stakeholder
>practices
>Resent-From: <public-tracking@w3.org>
>Resent-Date: Friday, May 10, 2013 7:47 PM
>
>>Dan,
>>
>>Thank you for following through on this action item.  Since the Working
>>Group has yet to agree on all of the details of what a DNT standard
>>entails, it will be difficult for members to fill this out with concrete
>>DNT disclosures.  I'd suggest rather a few of us take stabs at creating
>>examples of what we could imagine an outcome looking like using
>>placeholders ("Company XYZ").
>>
>>Recommended changes to the structure:
>>
>>- Describe your company's role as a 3rd party: ad network, exchange,
>>analytics provider
>>- List the Permitted Uses your company will retain data for
>>- For each Permitted Use, explain the how long you'll be retaining data
>>for this purpose and why (include an explanation of how unique IDs are
>>used in these situations)
>>- Explain how information is processed for Permitted Uses - including the
>>additional protections a tri-state de-identification system provides for
>>user privacy (and which Permitted Uses are used in each state)
>>- Optional/Recommended - provide diagrams or videos explaining how data
>>is processed by your company for Permitted Uses (how is data separated
>>from other types of data, how often is data processed, what information
>>is stripped or retained for processing)
>>
>>The purpose for the condensing is to better shape these disclosures for
>>normal consumers that will be reading them.  One of the regular criticism
>>of privacy policies is that they are too legalistic.  I believe your
>>approach will result in something too technical.  Hopefully we can find
>>the sweet spot as we explore disclosure structure options.
>>
>>Thank you,
>>Shane
>>
>>-----Original Message-----
>>From: Dan Auerbach [mailto:dan@eff.org]
>>Sent: Friday, May 10, 2013 4:12 PM
>>To: public-tracking@w3.org
>>Subject: questionnaire to gain more insight into industry stakeholder
>>practices
>>
>>As discussed during the data retention breakout at the F2F, here the
>>requested guide for information from industry participants that would
>>help inform the group's thought process as to what type of data
>>reasonably must be retained and how long for permitted uses under the
>>standard. This short questionnaire is important for the group's work. It
>>is not a suggested transparency guide for users. I think being maximally
>>transparent to users would be good too and we should have that
>>conversation, but that is not the intention of this questionnaire. I plan
>>to respond to this email with hypothetical examples of helpful and
>>non-helpful responses, so please consider those before finalizing your
>>response. (The examples may not come right away as I must finish other
>>work first). One final comment: there may be some small areas where the
>>questions below touch on other information companies would like to
>>protect. For these, we should be able to have an unscribed conversation
>>off-list. I don't think a schematic of a data flow is a trade secret, but
>>making public the names of clients would obviously be sensitive.
>>
>>1. Outline your company's role in the Internet data collection ecosystem,
>>and your business model.
>>2. What permitted uses are you proposing retaining data for?
>>3. For each permitted use, how long are you proposing retaining data?
>>4. Draw a diagram of your logging and data pipeline, including peripheral
>>databases that store customer information, and databases used for
>>aggregated reports.
>>5. In the diagram above, indicate all repeating data processing jobs
>>(e.g. cron jobs or other processes that occur at regular intervals) that
>>relate to how data is manipulated within your system.
>>6. Within the framework of the diagram above, for each proposed permitted
>>use, describe the life cycle of protocol (HTTP) events and other data
>>events that come into the system that you would like to retain.
>>7. In the diagram above, indicate any external clients of the data
>>(auditors, customers of various sorts), and for each client, the
>>frequency, format and granularity of the data that is received.
>>8. For each permitted use, indicate in detail how unique ids are used.
>>
>>Thanks,
>>
>>--
>>Dan Auerbach
>>Staff Technologist
>>Electronic Frontier Foundation
>>dan@eff.org
>>415 436 9333 x134
>>
>>
>>
>
>

Received on Saturday, 11 May 2013 14:54:56 UTC