W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

RE: [Issue-5][Action-78] Remember to forget me

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Sun, 12 Feb 2012 12:14:59 -0800
To: JC Cannon <jccannon@microsoft.com>, Karl Dubost <karld@opera.com>
CC: Vincent Toubiana <v.toubiana@free.fr>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D0C8ACFEE@SP2-EX07VS02.ds.corp.yahoo.com>
Separate data processing rules for DNT records within "use limitation" business practices will be expensive so if we do go this route we're going to need considerable time to allow for this level of re-architecture (1-2 years).  I believe de-identification/anonymization of records is one possible option.

Again, I hope we resist the temptation to simply set an arbitrary timeframe that will affect all websites and business approaches across the globe.

- Shane   

-----Original Message-----
From: JC Cannon [mailto:jccannon@microsoft.com] 
Sent: Sunday, February 12, 2012 12:30 PM
To: Karl Dubost
Cc: Vincent Toubiana; public-tracking@w3.org
Subject: RE: [Issue-5][Action-78] Remember to forget me

I apologize for being offline so long. I had other work that I needed to focus on. Responses below.


-----Original Message-----
From: Karl Dubost [mailto:karld@opera.com] 
Sent: Friday, February 10, 2012 12:35 PM
To: JC Cannon
Cc: Vincent Toubiana; public-tracking@w3.org
Subject: Re: [Issue-5][Action-78] Remember to forget me

Le 2 févr. 2012 à 19:44, JC Cannon a écrit :
> Are you indicating that 3rd parties must go back through raw logs or processed data to erase the referrer de-identify the entry? If the former this will near impossible for companies who collect an enormous amount of logs daily.

This is a reasonable argument, but then the other solution would be to opacify the data on the spot and/or not record them at all.
Which one is the most reasonable? 

Shutting down options without proposing new ones doesn't help the discussion.

[JC] Keeping a separate set of logs and applying a DNT retention period to that set of logs seems like a reasonable approach. However, it will take time to modify systems to support this change. De-identification is another possible approach, though we need to specify the level of de-identification that is acceptable. Unlinkability could be a good measure.

>> - A User-Agent sending DNT:1 MAY prevent the transmission of cookies and other identifiers that are sent with the request.
> If cookie suppression occurs at the client it will override exceptions that may be place for a site.

exceptions of which nature? opt-in cookies and/or opt-out cookies. 
It might be interesting to develop a solution where this is manageable by sites. STill need to think about that.

Karl Dubost - http://dev.opera.com/
Developer Relations, Opera Software
Received on Sunday, 12 February 2012 20:16:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:45 UTC