Re: tracking data (was Re: [TCS] comments on 17 Feb 2015 editors draft) from Justin Brookman on 2015-04-08 (public-tracking@w3.org from April 2015)

From: Justin Brookman <jbrookman@cdt.org>
Date: Wed, 8 Apr 2015 15:50:37 -0400
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Tracking Protection Working Group <public-tracking@w3.org>
Message-ID: <CAF2uvujjm36AxRjduKun=wiCHj0LYDCF7w3tMZ6Neti_L5ou2g@mail.gmail.com>
During the call today, we made significant progress in resolving this
issue.  We tentatively agreed on a way to not include the term "tracking
data" in the third party compliance section --- instead that would read:

When a third party to a given user action receives a DNT:1
  signal in a related network interaction, the party MUST NOT

  •  collect data from this network interaction that would result in
     data regarding this particular user being associated across
     multiple distinct contexts;

  •  retain, use, or share data derived from this particular user's
     activity outside the context in which that activity occurred; nor,

  •  use data about this particular user's activity in other contexts
     (e.g., to personalize a response to this network interaction).

(The IRC discussion alternatively suggests "collect data from this network
interaction that would result in data regarding this particular user to
have been collected across multiple distinct contexts" for the first
bullet, but I think that the version I transcribed above is more clear.  If
others disagree, please let me know.)

No one on the call objected to Roy's other suggestions for removing
"tracking data" from the TCS (replacing "tracking data" with "that data" or
"data about that activity" in two places).

Walter had previously objected on the mailing list to removing "tracking
data" from the non-normative discussion of de-identification.  However,
participants on the call today didn't think the removal of the term
weakened that provision.  De-identification already requires technical
processes to ensure that *no one* can re-identify the data; the
non-normative language simply notes other prophylactic steps that can be
taken to address the persistent possibility of reidentification in the
future.

On Mon, Apr 6, 2015 at 9:42 PM, Roy T. Fielding <fielding@gbiv.com> wrote:

> Looking at the April 1 minutes, it looks like the best course of action
> for TPE is to not change anything (i.e., keep the two uses of
> "tracking data") given that they can be understood as implied by the
> definition of tracking, and even if they are misunderstood it wouldn't
> change an implementation.
>
>
> For TCS, I am still requesting the following changes:
>
>
> 2.9.1 De-identification Considerations:
>
> Remove the four contradictory references to "original tracking data"
> because that data isn't allowed to exist;
> i.e., replace:
>
>    •  technical safeguards that prohibit re-identification of
>       de-identified data and/or merging of the original tracking data and
>       de-identified data;
>
>    •  business processes that specifically prohibit re-identification of
>       de-identified data and/or merging of the original tracking data and
>       de-identified data;
>
>    •  business processes that prevent inadvertent release of either the
>       original tracking data or de-identified data;
>
>    •  administrative controls that limit access to both the original
>       tracking data and de-identified data.
>
> with:
>
>    •  technical safeguards that prohibit re-identification of
>       de-identified data;
>
>    •  business processes that specifically prohibit re-identification of
>       de-identified data;
>
>    •  business processes that prevent inadvertent release of de-identified
> data;
>
>    •  administrative controls that limit access to de-identified data.
>
>
> 2.10 Tracking
>
> Remove the paragraph defining "tracking data".
>
>
> 3.3.1.3 No Personalization
>
> Remove "based on tracking data" because it is redundant;
> i.e., replace:
>
>    A party that collects data for a permitted use MUST NOT use that
>    data to alter a specific user's online experience based on tracking
>    data, except as specifically permitted below.
>
> with:
>
>    A party that collects data for a permitted use MUST NOT use that
>    data to alter a specific user's online experience,
>    except as specifically permitted below.
>
>
> 3.3.3 Qualifiers for Permitted Uses [EXAMPLE 4]
>
> Replace "tracking data" with "data about that activity".
>
> ======
>
> I think all of the above changes should be completely non-controversial,
> assuming we are not going to reopen ISSUE-5.  I want them done before
> proceeding to LC.
>
> After the above changes, the only remaining use of "tracking data" in
> TCS is within 3.3:
>
> > 3.3 Third Party Compliance:
> >
> >   When a third party to a given user action receives a DNT:1
> >   signal in a related network interaction:
> >
> >    •  that party MUST NOT collect, share, or use tracking data
> >       related to that interaction;
> >
> >    •  that party MUST NOT use data about network interactions with that
> >       user in a different context.
>
> I still think that the above is a poor substitute for our definition
> of tracking, since it uses a different set of words that can only be
> consistent with our definition if we assume "tracking data" =
> "data collected about this particular user across multiple distinct
> contexts".  I would prefer that it used the same words as our definition:
>
>   When a third party to a given user action receives a DNT:1
>   signal in a related network interaction, the party MUST NOT
>
>   •  collect data from this network interaction that would result in
>      data regarding this particular user's activity to have been
>      collected across multiple distinct contexts;
>
>   •  retain, use, or share data derived from this particular user's
>      activity outside the context in which that activity occurred; nor,
>
>   •  use data about this particular user's activity in other contexts
>      (e.g., to personalize a response to this network interaction).
>
> IOW, I would prefer that it specifically disallow tracking using the
> same semantics as expressed by the preference of DNT:1.
>
> However, I can live with going to LC with the existing wording,
> assuming that there is no separate definition of tracking data
> in TCS that is inconsistent with our definition of tracking.
>
>
> Cheers,
>
> Roy T. Fielding                     <http://roy.gbiv.com/>
> Senior Principal Scientist, Adobe   <http://www.adobe.com/>
>
>
>
Received on Wednesday, 8 April 2015 19:51:25 UTC