W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

possible 'transient un-analyzed data exception'?

From: David Singer <singer@apple.com>
Date: Wed, 22 Feb 2012 17:26:00 -0800
Message-id: <A31672EA-5753-4DAB-BDD6-7468522BE556@apple.com>
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Do we need a "transient data" exception?  That basically, raw log data can be kept for a limited period before the 'legitimate' (permitted) long-term data is extracted, and the raw data then discarded?

I would envisage such an exception would:

* require that the DNT status be kept with every record (i.e. under what DNT setting was it collected)
* require that the raw data and all copies (if any) of it be erased after the extraction is run
* require that the extraction be done in a reasonable time (less than 8 days?)
* that though the raw data contains data not permitted under DNT, the extracted data must comply (though exceptions may be claimed, as usual, alas)
* recommend that copies/backups etc. not be made, as that merely makes it harder to ensure deletion has happened

On Feb 9, 2012, at 13:12 , Shane Wiley wrote:

> David,
> You hit the core issue straight away - raw data retention and dissemination to service operational purpose exceptions.  While the end-points I described below do result in aggregate and anonymous outcomes, we need to retain the raw data to build those results (different intervals: real-time, daily, weekly, monthly, quarterly, annual).  In some cases we compound aggregation (build annual aggregations from quarterly aggregations) where we can without compromising the data but there are reporting uses where the raw data is retained for a more accurate result (financial reporting, for example).
> - Shane

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Thursday, 23 February 2012 01:29:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:34 UTC