- From: Gabriel Fernandez <gdbf@wheelsoftware.com>
- Date: Tue, 31 Mar 2015 12:33:40 -0400
- To: Mike O'Neill <michael.oneill@btinternet.com>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, "<public-privacy@w3.org>" <public-privacy@w3.org>
- Message-Id: <22E9C66F-2645-486D-AC97-25BE6B8A1B76@wheelsoftware.com>
Thanks for the foreign definition, Mike, I have some thoughts.
A new bill proposed in Connecticut defines personal data (ie "deidentified student information") similarly, see Section 1(a) quoted here. Including the opinions and labels for the data controller with the personal data (ie "student record"), creates a problem for judges and legal. Opinions, ambiguous references, and meta-data which don't (directly) contain personal information are necessary for data commerce; personally identifying data should only be shared by the individual ("deidentified student"), with whomever he chooses, and law enforcement.
<quo>
Section 1. (NEW) (Effective October 1, 2015, and applicable to any 1 agreement entered into on or after said date)
(a) For the purposes of this section:
(1) "Contractor" means an individual, business or other entity that provides educational software or services for the electronic storage, management and retrieval of student records and receives such student records pursuant to a written agreement with a local or regional board of education;
(2) "Deidentified student information" means any information that cannot be used to identify an individual student;
(3) "Student generated content" includes materials created by a student including, but not limited to, essays, research papers, portfolios, creative writing, music or other audio files or photographs, except that it does not include student responses to a standardized
(4) "Student record" includes any information directly related to a student that is maintained by a local or regional board of education and any information acquired from a student through the use of educational software assigned to the student by a teacher or employee of a local or regional board of education, except that it does not include deidentified student information used by the contractor to improve educational products for adaptive learning purposes and for customizing student learning, to demonstrate the effectiveness of contractor's products in the marketing of those products and to develop and improve the contractors' products and services.
</quo>
Geyb
===========================
Twitter.com/Gdbf137 👤💬
PGP Key ID: 9425a6af 🌎
> On Mar 31, 2015, at 11:08 AM, Mike O'Neill <michael.oneill@btinternet.com> wrote:
>
> Roy,
>
> I am sure it is possible to rewrite the documents to remove references to “tracking data”, but I do not think this necessarily improves clarity. A developer needs to know what data his application should be designed to discard (or not collect) when DNT:1, and the answer should not be “check with your legal department”.
>
> I think clarity would be better serviced getting the definition right.
>
> Your amendments describe it as both “data collected while tracking” and “data that enables tracking”, so why not make the definition that.
>
> How about:
>
> Tracking data is any information that enables a specific user agent to be recognised in different contexts, or which contains the user’s personal data collected in other contexts.
>
> If we need a definition of personal data, here is a reasonable one from the UK’s 1998 Data Protection Act:
>
> “personal data” means data which relate to a living individual who can be identified—
> (a) from those data, or
> (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
> and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
>
>
> Mike
Received on Tuesday, 31 March 2015 16:34:09 UTC