Re: [Issue-5][Action-78] Remember to forget me from Vincent Toubiana on 2012-02-05 (public-tracking@w3.org from February 2012)

From: Vincent Toubiana <v.toubiana@free.fr>
Date: Sun, 05 Feb 2012 17:13:21 +0100
To: JC Cannon <jccannon@microsoft.com>
CC: "public-tracking@w3.org" <public-tracking@w3.org>, "karld@opera.com" <karld@opera.com>
Message-ID: <4F2EAAA1.3040605@free.fr>

JC,

Thanks for the feedback. Please see my response bellow.
>
> - After the retention period corresponding to each of the exemption 
> has been reached, the 3rd party operator MUST erase the referrer 
> header of entries flagged with DNT:1 and either erase or de-identify 
> the rest of the entry.  -   To de-identify the data, the 3rd party 
> operator MUST replace semi-identifiers by fix values  (i.e IP=0.0.0.0, 
> UA=ZZZ).
> Are you indicating that 3^rd parties must go back through raw logs or 
> processed data to erase the referrer de-identify the entry? If the 
> former this will near impossible for companies who collect an enormous 
> amount of logs daily.
>
I'm considering raw logs here. I don't think that it is as complicated 
as it seems for two reasons:
1) Entries with DNT:1 logs could be kept separated from the other logs.
2) Search engines apply different process to their logs at different 
point in time. For instance, Microsoft delete IP from Bing logs after 6 
months and other sessions ID after 18 months
>
> - A User-Agent sending DNT:1 MAY prevent the transmission of cookies 
> and other identifiers that are sent with the request.
> If cookie suppression occurs at the client it will override exceptions 
> that may be place for a site.
>
The cookie would not be deleted, it'll in the browser but it won't be 
sent in a request when DNT:1 is set. I think user managed exception 
could prevail to server managed exceptions. I left it as a MAY to 
support both options.

Vincent

> *From:*Vincent Toubiana [mailto:v.toubiana@free.fr]
> *Sent:* Thursday, February 02, 2012 9:28 AM
> *To:* public-tracking@w3.org
> *Cc:* karld@opera.com
> *Subject:* [Issue-5][Action-78] Remember to forget me
>
> Description:
>
> Write-up of the "Remember to forget me" definition. This first draft 
> focuses on a definition addressing the collection of data by third 
> parties. The main idea is to keep the log entries with DNT:1 and to 
> flag them to quickly de-identify them when they are not longer 
> covered  by an exemption.
>
> Server Logs
>
> - A 3rd party MAY log request received with DNT:1. If such request is 
> logged, the third party MUST keep the header DNT:1 in the logs.
> - A 3rd party operator SHOULD not infer information from/about a user 
> who send DNT=1.
> - After the retention period corresponding to each of the exemption 
> has been reached, the 3rd party operator MUST erase the referrer 
> header of entries flagged with DNT:1 and either erase or de-identify 
> the rest of the entry.  -   To de-identify the data, the 3rd party 
> operator MUST replace semi-identifiers by fix values  (i.e IP=0.0.0.0, 
> UA=ZZZ).
> - When a 3rd party aggregates logs, it MUST either not process the 
> entries flagged with DNT:1 or de-identify them beforehand.
> - A 3rd party receiving DNT:1 MUST not personalize the response based 
> in user ID.
>
> User Agent
>
> - A User-Agent sending DNT:1 MAY prevent the transmission of cookies 
> and other identifiers that are sent with the request.
> -- A User-Agent receiving a "non tracking" response from a 3rd party 
> operator SHOULD not modify its state regarding this 3srd party (local 
> storage, cookie, cache,...).
>

Received on Sunday, 5 February 2012 16:13:59 UTC