Re: [Bug 167] explanation of identified, identifiable, and linked from Robert Horn on 2003-08-11 (public-p3p-spec@w3.org from August 2003)

From: Robert Horn <robert.horn@agfa.com>
Date: Mon, 11 Aug 2003 17:45:49 -0400
To: "Lorrie Cranor <lorrie" <lorrie@research.att.com>
Cc: public-p3p-spec@w3.org, Rigo Wenning <rigo@w3.org>
Message-ID: <OF14BA1878.DDD65FE7-ON85256D7F.0073F235@nafta.local>

Since I might not be able to make the telephone call, I'll note my
concerns.

One minor concern was the exclusive mention of EC regulations.  The newer
medical regulations (US, Canada, Australia, ...) are all using similar
nomenclature where the key factor is whether the data is identifiable.
The notion of "identified" data is meaningless in these contexts.

There are people who are concerned with the difference in intention between
"the person will be identified" and "the person could be identified."  This
appears to be distinction that is being conveyed in the "identified" versus
"identifiable".  There are contexts where this distinction is important.
E.g., if you can trust the other party's statement of intentions you might
find this to be important.  So I have no problem with having terms to
distinguish these two cases.

I find mixing in the use of the term "storage" confusing.  All of this data
is stored somewhere for some period of time.  How about changing the title
of that section to:

"Non-identifiable" data

Then the rest of the next three paragraphs reads just fine.  It makes it
clear that non-identifiable data has had any identifying information
removed.

The two paragraphs on "linked" are less clear.  Is the following a correct
rephrasing of the first paragraph?  I would add a section header to
separate it from the previous discussion of non-identifiable data.

"Linked" data

The term "linked" refers to information that can be associated with a
cookie. All data in a cookie or linked to a particular user must be
disclosed in the cookie's policy. Using the terminology above, if the data
collector collects "identifiable" information about the user that can be
associated with a cookie, then this information is "linked" with the
cookie. For example, if the data collector stores a login name in a file
associated with a persistent cookie and the login name is linked to
personal data, the cookie is clearly "linked."

R Horn

Received on Monday, 11 August 2003 17:56:19 UTC