- From: Walter van Holst <walter@vanholst.com>
- Date: Tue, 07 Apr 2015 14:09:13 +0200
- To: public-tracking@w3.org
On 2015-04-07 03:42, Roy T. Fielding wrote: > For TCS, I am still requesting the following changes: > > > 2.9.1 De-identification Considerations: > > Remove the four contradictory references to "original tracking data" > because that data isn't allowed to exist; > i.e., replace: > > • technical safeguards that prohibit re-identification of > de-identified data and/or merging of the original tracking data > and > de-identified data; > > • business processes that specifically prohibit re-identification > of > de-identified data and/or merging of the original tracking data > and > de-identified data; > > • business processes that prevent inadvertent release of either the > original tracking data or de-identified data; > > • administrative controls that limit access to both the original > tracking data and de-identified data. > > with: > > • technical safeguards that prohibit re-identification of > de-identified data; > > • business processes that specifically prohibit re-identification > of > de-identified data; > > • business processes that prevent inadvertent release of > de-identified data; > > • administrative controls that limit access to de-identified data. While I can see where you are coming from, the last two bullet points are better in their original form. The release of de-identified data may very wel result in a later merger with data that re-identifies it again. This may be redressed by adding "either by the third party or any subsequent recipient of the de-identified data" to your proposal for the second bullet point. I think this becomes especially vital when you start removing the definition of "tracking data" in 2.10. > After the above changes, the only remaining use of "tracking data" in > TCS is within 3.3: > >> 3.3 Third Party Compliance: >> >> When a third party to a given user action receives a DNT:1 >> signal in a related network interaction: >> >> • that party MUST NOT collect, share, or use tracking data >> related to that interaction; >> >> • that party MUST NOT use data about network interactions with >> that >> user in a different context. > > I still think that the above is a poor substitute for our definition > of tracking, since it uses a different set of words that can only be > consistent with our definition if we assume "tracking data" = > "data collected about this particular user across multiple distinct > contexts". I would prefer that it used the same words as our > definition: > > When a third party to a given user action receives a DNT:1 > signal in a related network interaction, the party MUST NOT > > • collect data from this network interaction that would result in > data regarding this particular user's activity to have been > collected across multiple distinct contexts; > > • retain, use, or share data derived from this particular user's > activity outside the context in which that activity occurred; nor, > > • use data about this particular user's activity in other contexts > (e.g., to personalize a response to this network interaction). Again, this leads to a loss of scope. The "would" in the first bullet you propose is narrower than conveyed by the original first bullet. My suggestion for removal of "tracking data" in the first bullet (original phrasing) would be: "that party MUST NOT collect, share, or use data related to that interaction that may allow for tracking by that party;" Regards, Walter
Received on Tuesday, 7 April 2015 12:09:42 UTC