Re: New Change Proposal: New text for Definition of Collect (Issue-16)

Hi Rob,

Like the other email, thanks for the thoughtful explanation and edits.  I'll accept your suggested changes as edits to my proposed text, though I do suggest we provide some guidelines for what 'short-term, transient' means within Section 5.  I know many participants can't support specific time constraints, but I think we should think of high-level guidance on what 'short-term, transient' means.  I'll see what I can come up with.

-Vinay

From: Rob Sherman <robsherman@fb.com<mailto:robsherman@fb.com>>
Date: Friday, September 27, 2013 12:15 PM
To: Vinay Goel <vigoel@adobe.com<mailto:vigoel@adobe.com>>, "public-tracking@w3.org<mailto:public-tracking@w3.org> List" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: Re: New Change Proposal: New text for Definition of Collect (Issue-16)

Vinay,

As noted in the message I just sent, I'd like to propose a friendly amendment on this proposal, which would modify the definition of "retains" that you refer to below:

"A party retains data if data remains within a party's control beyond the scope of the current network interaction, except for short-term, transient collection and use as described in Section 5."

I think it's important to include some concept that invariably a party is going to receive data and hold it for some minimal period that lasts after the network interaction, even if this is very brief.  This is a practical reality of most web serving systems.  It's equally important for large parties that need to implement a process to delete or de-identify data subject to DNT restrictions because data may temporarily live on various systems within the entity's infrastructure, and for entities with less complex operations that may wish to comply by just deleting their server logs on a regular schedule.

There's language currently in Section 5 to the effect that short-term, transient collection is out of scope, which you're not proposing to modify.  This cross-reference would simply avoid any ambiguity about this point.

You raise a fair point about whether the term "transient" is clearly defined, and that's an issue we should think about — I can see pros and cons to each approach.  But if we think it's important to define this, I'd do it in the Section 5 language rather than here.

Are you comfortable with this friendly amendment to your proposal?

Thanks.

Rob

Rob Sherman
Facebook | Manager, Privacy and Public Policy
1155 F Street, NW Suite 475 | Washington, DC 20004
office 202.370.5147 | mobile 202.257.3901

From: Vinay Goel <vigoel@adobe.com<mailto:vigoel@adobe.com>>
Date: Tuesday, September 24, 2013 10:55 AM
To: "public-tracking@w3.org<mailto:public-tracking@w3.org> List" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: New Change Proposal: New text for Definition of Collect (Issue-16)
Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Tuesday, September 24, 2013 10:55 AM

Current text: "A party collects data if it receives the data and shares the data with other parties or stores the data for more than a transient period."

Proposed new text: "A party collects data if it receives data and either shares the data with other parties or retains the data."

Rationale: This definition introduces a new term (transient) that can be left to interpretation that does not provide a way to measure compliance.  Instead of introducing new, undefined terms, I suggest using the defined term 'retain' since that appears to be capturing the intent of 'store the data for more than a transient period'.

Draws upon: Issue-16

-Vinay