W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > May 2000

Re: Comments on changes to P3P vocabulary

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 10 May 2000 22:32:36 -0400
Message-ID: <006101bfbaf1$2b5c09c0$3a06cf87@research.att.com>
To: <www-p3p-public-comments@w3.org>, <djaye@engage.com>
Dan,

Thank you for your comments on the P3P vocabulary. The 
working groups have discussed them at great length and
have made some changes to address some of your concerns.

> 1) Create a "Personally Identifiable" qualifier analogous to the original
> "Identifiable" qualifier.

We reviewed our decision to remove the identifiable qualifier and
discussed possible alternatives. We kept coming back to the problem
that it is difficult and often inaccurate or misleading to describe
data as identifiable or non-identifiable. The important distinction
is not whether it is identifiable, but how the data collector plans
to use it. It is often evident whether data will be used in an identifiable
way based on whether or not data like name and address are collected,
and based on the purpose disclosed for the data. However, the
working groups were convinced that this was not always evident
for profiling. The group decided that it was worthwhile to allow 
data collectors to distinguish easily between identified and
non-identified profiling. So we added a new purpose called
pseuodonymous profiling to address this. This is in the May 10
specification.

> 2) Omit the One-time Targeting purpose.or at least change it to "One-time
> Tailoring" or "Immediate Tailoring".

We decidied to change this to one-time tailoring.

> 3) Change the "profiling" purpose to "Ongoing Tailoring" with appropriate
> edits to constrain the definition to the use of individual data (PII or
> non-PII) for the purpose of tailoring a users experience.

We decided to continue to use the term profiling, but with the
addition of pseudononymous profiling, this purpose is now used only for
PII profiling.

> 4) Consider separating out "globally unique identifiers" and "pairwise
> unique identifiers" or "secret unique identifiers".

We discussed this at legnth, but were unable to come up with a 
satisfactory definition that would distinguish globally unique
identifiers from pariwise unique identifiers. The group also noted that
pairwise unique identifiers can easily become globally unique identifiers.
For example, the social security number is used for all sorts of purposes
for which it was never intended. 

Once again, thanks for your comments. We hope you will find that
our revised spec addresses many of your concerns.

Regards,

Lorrie Cranor
P3P Specification Working Group Chair

 
Received on Wednesday, 10 May 2000 22:32:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.1 : Tuesday, 21 September 2004 12:14:16 GMT