- From: イアンフェッティ <ifette@google.com>
- Date: Thu, 3 May 2012 10:42:05 -0700
- To: John Simpson <john@consumerwatchdog.org>
- Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-ID: <CAF4kx8cq6ccXtBo15=Bz1ZcVv0HUysSAS27b2io5QM000WNyDQ@mail.gmail.com>
I thought in the DNT f2f people were going between 2-6, and Matthias raised the question of whether it mattered? I picked 6 as something that seemed reasonably short but ought to be enough for the vast majority of workflows that I know of. Personally, I don't really have a vested interest here... -Ian On Wed, May 2, 2012 at 12:38 PM, John Simpson <john@consumerwatchdog.org>wrote: > Thanks, Ian. Interesting text. A clarifying question: Why six weeks; why > not four or conversely eight? What's significant about six? > Regards, > John > > On May 2, 2012, at 8:47 AM, Ian Fette (イアンフェッティ) wrote: > > On last week's call, I took an action to write a proposal for protocol > data in the first N weeks (ACTION-190 and ISSUE-142). > > My proposed text would be as follows, comments welcome: > > Protocol data, meaning data that is transmitted by a user agent, such as a > web browser, in the process of requesting content from a provider, > explicitly including items such as IP addresses, cookies, and request URIs, > MAY be stored for a period of 6 weeks in a form that might not otherwise > satisfy the requirements of this specification. For instance, the data may > not yet be reduced to the subset of information allowed to be retained for > permitted uses (such as fraud detection), and technical controls limiting > access to the data for permitted uses may not be in place on things like > raw logs data sitting on servers waiting for processing and aggregation > into a centralized logs storage service. > > Within this six week period, a data collector MUST NOT share data with > other parties in a manner that would be prohibited outside of the six week > period. Similarly, a data collector MUST NOT use the data to build any > profile, or associate the data to any profile, of a user used for purposes > other than would be allowed outside of the the six week period. As > examples, a data collector MAY use the raw data within a six week period to > debug their system, a data collector MAY use the raw data within the six > week period to build a profile of a user fraudulently or maliciously > accessing the system for purposes such as blocking access to the system by > that user, but the data collector MUST NOT build a profile to serve > targeted advertisements based on the user's past six weeks of browsing > activity. > > After the six week period has passed, only the subset of data necessary to > accomplish the permitted exceptions in this specification may be retained, > and the data must be controlled in such a way that only access to the data > for these permitted exceptions is allowed. > > > ---------- > John M. Simpson > Consumer Advocate > Consumer Watchdog > 1750 Ocean Park Blvd. ,Suite 200 > Santa Monica, CA,90405 > Tel: 310-392-7041 > Cell: 310-292-1902 > www.ConsumerWatchdog.org > john@consumerwatchdog.org > >
Received on Thursday, 3 May 2012 17:42:35 UTC