- From: David Singer <singer@apple.com>
- Date: Tue, 20 Jul 2010 11:11:11 +0200
- To: Thomas Roessler <tlr@w3.org>
- Cc: public-privacy@w3.org
Thomas, thanks for organizing it. I found it hugely worthwhile, really thought-provoking. Thanks for all the great discussion.

I was noodling around with the 'warning icons' and trying to come up with other texts, for what it's worth (though these icons presume a basis of 'normal' which we'd need to define first). Here's a try:

Data usage:
a) Data that personally identifies you is being used for other than the 'primary purpose'.

Maybe add one for: Your data is anonymized and merged with other people's data. (But everyone does this).

Data transactions:
We might sell or barter personally-identifiable data of yours.

Legal usage:
We may give personally identifiable data to law authorities when we could legally have resisted.

Retention:
After your transaction/account is over, and after any legally required retention period, we may continue to hold your data.
Stronger version: and you cannot ask to delete it.

Advertising/3rd parties:
We convey personally identifiable data to our advertisers and other 3rd parties not involved in the primary purpose (e.g. for targeting).
Our advertisers/3rd parties, possibly with our help, identify/track you on other sites as well.
We acquire data from advertisers/3rd parties and attach it to your personal data.

(Security rating, not sure).

(Building a profile, dealt with under ad/3rd parties)

* * * * * *

There is one warning I don't know how to phrase. There are (at least) two steps possible in anonymization:

a) your name and other identifiers are removed from the record, but then the record itself is kept intact (e.g. the database knows it had a one-legged male customer aged 23 living in Brighton, born in Venezuela, and buying rollerblades)

b) the record itself is de-correlated (e.g. the database knows it had 3 people born in Venezuela, 561 customers in Brighton, 43 one-legged people, 56% male customers, and so on)

The problem with doing only step (a) is, as was pointed out, remarkably few facts are enough to re-identify you...

On Jul 19, 2010, at 22:52 , Thomas Roessler wrote:

> Dear colleagues,
>
> I wanted to thank you all for joining the W3C privacy workshop last week. This is the first posting to the promised follow-up mailing list, public-privacy@w3.org (no pun intended).
>
> Please feel free to use this mailing list to follow up on the discussions we had at the workshop. Meanwhile, Dan and I are working on the workshop report and minutes that we hope to circulate here shortly.
>
> Note that the presentations are now all linked from the agenda page:
> http://www.w3.org/2010/api-privacy-ws/agenda.html
>
> Regards,
> --
> Thomas Roessler, W3C <tlr@w3.org> (@roessler)

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 20 July 2010 09:11:45 UTC
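
The two anonymization steps described in the message above can be compared by measuring how many records stay unique on their remaining attributes. This is an added example, not part of the original message; the records, field names and helper functions are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: names already stripped, i.e. the output of step (a).
RECORDS = [
    {"sex": "M", "age": 23, "city": "Brighton", "born": "Venezuela", "bought": "rollerblades"},
    {"sex": "F", "age": 31, "city": "Brighton", "born": "UK", "bought": "helmet"},
    {"sex": "M", "age": 31, "city": "Brighton", "born": "UK", "bought": "helmet"},
    {"sex": "F", "age": 31, "city": "Brighton", "born": "UK", "bought": "skateboard"},
    {"sex": "M", "age": 45, "city": "Leeds", "born": "UK", "bought": "rollerblades"},
]
# Attributes an outsider could plausibly already know about a person (assumption).
QUASI = ("sex", "age", "city", "born")


def group_sizes(records, quasi=QUASI):
    """Count how many records share each combination of quasi-identifiers."""
    return Counter(tuple(r[q] for q in quasi) for r in records)


def k_anonymity(records, quasi=QUASI):
    """Smallest group size; k == 1 means at least one record is unique."""
    return min(group_sizes(records, quasi).values())


def unique_records(records, quasi=QUASI):
    """Records that no other record shares its quasi-identifiers with."""
    sizes = group_sizes(records, quasi)
    return [r for r in records if sizes[tuple(r[q] for q in quasi)] == 1]


def match(records, **known):
    """Records consistent with a few facts known from outside the database."""
    return [r for r in records if all(r[k] == v for k, v in known.items())]


def decorrelate(records):
    """Step (b): keep only per-attribute counts, dropping the rows themselves."""
    return {f: Counter(r[f] for r in records) for f in records[0]}


if __name__ == "__main__":
    print("k after step (a):", k_anonymity(RECORDS))
    print("unique rows after step (a):", len(unique_records(RECORDS)))
    # Three outside facts are enough to isolate one row and its purchase.
    print("linked row:", match(RECORDS, sex="M", city="Brighton", born="Venezuela"))
    # After step (b) only totals remain, with no row to attach the purchase to.
    print("step (b) output:", decorrelate(RECORDS))
```

Very small counts in the step (b) totals can still stand out, so an audit would also flag any count below a chosen threshold.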