Working Group Output notes

Participants:
- Shane Wiley
- Lee (EFF)
- Rob (Art 29)
- Jeff Chester
- James Bretano
- Erik Neuenschwander
- Craig Spezie
- Kevin Trilli
- David Wainberg
- Matthias Schunter (Scribe)
- Chris Meija (Observer)

Notes
- Focus on exceptions
- One key difference is the retention periods
- European-style approach to retention:
    - Publish fixed retention period
    - Publish why it cannot be done with a shorter retention period
- Operational purposes are often mandated by contract/law
    - E.g., proof that an ad was shown needs to be retained
    - Purpose binding is important
- Lee: Data availability creates a target
- Improvements to Industry Proposal:
    1. Mandate fixed and limited retention period
    2. Separation of purposes and their retention periods:
        - Long retention, stronger controls, and essential data
        - Shorter retention, reduced requirements on control, and potentially more data
    3. If you cannot justify data collection with a permitted use, it must not happen
    4. Add a proportionality section: say why the data is needed and why, at this point,
       no practical solutions with less data exist (subsidiarity principle).
    5. Retention policy may state how long raw data is kept and at what point
       the data is aggregated
    6. Publish the exceptions that you actually use.
    7. Look at the precautionary principle: if a company believes it can do
       better, then it should do so.
       [has served well in the environmental area]
       as aspirational statements (maybe as non-normative)
   
- Question: What are practical controls that minimize data and retention?
- Matthias: If we agree with published limited retention periods and data minimization practices,
  one would need a mechanism for companies to compete on better privacy.
- Edge case: Using third parties for fraud prevention for banking across all banks
  (e.g., a service fingerprinting browsers to trace cheaters across sites)
- Security use case: Protection against fraudulent ads (e.g., phishing ads posted by criminals).
  Important to have sufficient data to find the damaged party and trace them back
  to the phishing ad and its criminal provider.
- Unclear: Can the B-cookie be anonymized while an enterprise still meets the financial requirements?
- Question: What changes could make Shane's proposal acceptable to privacy advocates
  without requiring a retention period in the standard?
    - Restriction to passive protocol data would help
    - A SHOULD for the retention period may work
- Proposal should make crystal clear what users gain by DNT:1
    - Data only for limited use
- Suggestion: Limit data retention to, say, XX years
    - If you need longer retention, you need to justify it with a business case
      or regulatory requirements

Received on Thursday, 21 June 2012 18:35:04 UTC