- From: Haakon Bratsberg <haakon.bratsberg@opera.com>
- Date: Mon, 9 Jan 2012 21:14:48 +0100
- To: Rigo Wenning <rigo@w3.org>
- Cc: public-tracking@w3.org, David Singer <singer@apple.com>
On Jan 9, 2012, at 5:59 PM, Rigo Wenning wrote:

> David,
>
> I like your suggestion. We should ask Rob about it as I think the restrictions
> even match the definition of a data processor under the EU Directive, thus
> giving the entire responsibility to the first party (data controller in EU
> talk)

I agree that the restrictions are close to the definition of "processor" in EU privacy law. Directive 95/46/EC Section 2 e) reads:

> "'processor' shall mean a natural or legal person, public authority, agency or any
> other body which processes personal data on behalf of the controller;"

<http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML>

David's text reflects the limitations on the processor's ability to process the data that follow from EU privacy law.

Haakon

>
> Can we resolve?
>
> Rigo
>
> On Tuesday 03 January 2012 15:18:30 David Singer wrote:
>> Issue number: 23
>>
>> Issue name: Possible exemption for analytics
>> Suggested retitle: Possible exemption for outsourcing
>>
>> Issue URL:
>> http://www.w3.org/2011/tracking-protection/track/issues/23
>>
>> Section number in the FPWD: 3.4 Types of Tracking
>> Contributors to this text: (Draft) David Singer, (Edit) Jonathan Mayer
>>
>> Specification:
>> A third-party site may operate as a first-party site if all the following
>> conditions hold: the data collection, retention, and use, complies with at
>> least the requirements for first-parties; the data collected is available
>> only to the first party, and the third party has no independent right to
>> use the data; the third party makes commitments to adhere to this standard
>> in a form that is legally enforceable (directly or indirectly) by the first
>> party, individual users, and regulators; data retention by the third party
>> must not survive the end of this legal enforceability; the third party
>> undertakes reasonable technical precautions to prevent collecting data that
>> could be correlated across first parties.
>>
>> Non-normative Discussion:
>> The rationale for rule (2) is that we allow the third party to stand in the
>> first party’s shoes – but go no further. The third party may not use the
>> data it collects for “product improvement,” “aggregate analytics,” or any
>> other purpose except to fulfill a request by a first party, where the
>> results are shared only with the first party.
>>
>> Rule (3) allows for the possibility of more than one level of outsourcing.
>>
>> In rule (4), one component of reasonable technical precautions will often be
>> using the same-origin policy to segregate information for each first-party
>> customer.
>>
>> Note that any data collected by the third party that is used, or may be
>> used, in any way by any party other than the first party, is subject to the
>> requirements for third parties.
>>
>> Example:
>> ExampleAnalytics collects analytic data for ExampleProducts Inc. It
>> operates a site under the DNS analytics.exampleproducts.com. It collects
>> and analyzes data on visits to ExampleProducts, and provides that data
>> solely to ExampleProducts, and does not access or use it itself.
>>
>> Text that possibly belongs in other sections:
>> When the third party sends a response header, that header must indicate
>> that they are a third party and that they are operating under this
>> exception. Note that a third party that operates under a domain name or
>> other arrangement that makes it appear to the user as if they are the first
>> party, or a part or affiliate of the first party, is nonetheless a third
>> party and is subject to the requirements of this clause ("DNS
>> masquerading").
>>
>>
>>
>> Issue number: 34
>> Issue name: Possible exemption for aggregate analytics
>> Suggested retitle: Possible exemption for unidentifiable data
>>
>> Issue URL:
>> http://www.w3.org/2011/tracking-protection/track/issues/34
>>
>> Section number in the FPWD: 3.4 Types of Tracking
>> Contributors to this text: (Draft) David Singer, (Edit) Jonathan Mayer
>>
>> Specification:
>> A third party may collect, retain, and use any information from a user or
>> user agent that, with high probability, could not be used to:
>> 1) identify or nearly identify a user or user agent; or
>> 2) correlate the activities of a user or user agent across multiple network
>> interactions.
>>
>> Examples:
>> 1. A third-party advertising network records the fact that it displayed an
>> ad.
>> 2. A third-party analytics service counts the number of times a popular
>> page was loaded.
>>
>> Non-Normative Discussion:
>> This exception (like all exceptions) may not be combined with other
>> exceptions unless specifically allowed. A third party acting within the
>> outsourcing exception, for example, may not make independent use of the
>> data it has collected even though the use involves unidentifiable data. A
>> rule to the contrary would provide a perverse incentive for third parties
>> to press all exceptions to the limit and then use the collected data within
>> this exception. A potential ‘safe harbor’ under this clause could be to
>> retain only aggregate counts, not per-transaction records.
>>
>> Text that possibly belongs elsewhere:
>> Possible advances in de-anonymization that make previously non-identifiable
>> data, identifiable, should be considered. [Maybe need an issue: whose
>> problem is it when data from disparate sources, all but one of which are
>> anonymous, is combined to achieve de-anonymization?]
Received on Monday, 9 January 2012 20:17:56 UTC