- From: Matthias Schunter <mts-std@schunter.org>
- Date: Thu, 21 Jun 2012 20:34:45 +0200
- To: "public-tracking@w3.org" <public-tracking@w3.org>
Participants:
- Shane Wiley
- Lee (EFF)
- Rob (Art 29)
- Jeff Chester
- James Bretano
- Erik Neuenschwander
- Craig Spezie
- Kevin Trilli
- David Wainberg
- Matthias Schunter (Scribe)
- Chris Meija (Observer)

Notes
- Focus on exceptions
- One key difference is the retention periods
- European-style approach to retention:
  - Publish a fixed retention period
  - Publish why it cannot be done with a shorter retention period
- Operational purposes are often mandated by contract/law
  - E.g., proofs of showing an ad need to be retained
- Purpose binding is important
- Lee: Data availability creates a target
- Improvements to Industry Proposal:
  1. Mandate a fixed and limited retention period
  2. Separation of purposes and their retention periods:
     - Long retention, stronger controls, and essential data
     - Shorter retention, reduced requirements on control, and potentially more data
  3. If you cannot justify data collection with a permitted use, it must not happen
  4. Add a proportionality section: saying why data is needed and why at this point no practical solutions with less data exist (subsidiarity principle).
  5. Retention policy may state how long raw data is kept and at what point the data is aggregated
  6. Publish the exceptions that you actually use.
  7. Look at the precautionary principle: If a company believes it can do better, then it should do so. [has served well in the environmental way] as aspirational statements (maybe as non-normative)
- Question: What are practical controls that minimize data and retention?
- Matthias: If we agree with published limited retention periods and data minimization practices, one would need a mechanism for companies to compete on better privacy.
- Edge case: Using third parties for fraud prevention for banking across all banks (e.g., a service fingerprinting browsers to trace cheaters across sites)
- Security use case: Protection against fraudulent ads (e.g., phishing ads posted by criminals). Important to have sufficient data to find the damaged party and trace them back to the phishing ad and its criminal provider.
- Unclear: Can the B-cookie be anonymized and an enterprise still meet the financial requirements?
- Question: What changes could make Shane's proposal acceptable to privacy advocates without requiring a retention period in the standard?
  - Restriction to passive protocol data would help
  - "Should" for the retention period may work
  - Proposal should make crystal clear what users gain by DNT:1
  - Data only for limited use
  - Suggestion: Limit data retention to, say, XX years
  - If you need longer retention, you need to justify it with a business case or regulatory requirements
Received on Thursday, 21 June 2012 18:35:04 UTC