Re: Allowed uses of protocol data in first N weeks (ACTION-190)

I thought in the DNT f2f people were going between 2-6, and Matthias raised
the question of whether it mattered? I picked 6 as something that seemed
reasonably short but ought to be enough for the vast majority of workflows
that I know of. Personally, I don't really have a vested interest here...

-Ian

On Wed, May 2, 2012 at 12:38 PM, John Simpson <john@consumerwatchdog.org> wrote:

> Thanks, Ian. Interesting text. A clarifying question:  Why six weeks; why
> not four or conversely eight?  What's significant about six?
> Regards,
> John
>
> On May 2, 2012, at 8:47 AM, Ian Fette (イアンフェッティ) wrote:
>
> On last week's call, I took an action to write a proposal for protocol
> data in the first N weeks (ACTION-190 and ISSUE-142).
>
> My proposed text would be as follows, comments welcome:
>
> Protocol data, meaning data that is transmitted by a user agent, such as a
> web browser, in the process of requesting content from a provider,
> explicitly including items such as IP addresses, cookies, and request URIs,
> MAY be stored for a period of 6 weeks in a form that might not otherwise
> satisfy the requirements of this specification. For instance, the data may
> not yet be reduced to the subset of information allowed to be retained for
> permitted uses (such as fraud detection), and technical controls limiting
> access to the data for permitted uses may not be in place on things like
> raw logs data sitting on servers waiting for processing and aggregation
> into a centralized logs storage service.
>
> Within this six week period, a data collector MUST NOT share data with
> other parties in a manner that would be prohibited outside of the six week
> period. Similarly, a data collector MUST NOT use the data to build any
> profile, or associate the data to any profile, of a user used for purposes
> other than would be allowed outside of the six week period. As
> examples, a data collector MAY use the raw data within a six week period to
> debug their system, a data collector MAY use the raw data within the six
> week period to build a profile of a user fraudulently or maliciously
> accessing the system for purposes such as blocking access to the system by
> that user, but the data collector MUST NOT build a profile to serve
> targeted advertisements based on the user's past six weeks of browsing
> activity.
>
> After the six week period has passed, only the subset of data necessary to
> accomplish the permitted exceptions in this specification may be retained,
> and the data must be controlled in such a way that only access to the data
> for these permitted exceptions is allowed.
>
>
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 1750 Ocean Park Blvd., Suite 200
> Santa Monica, CA, 90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
>
>

Received on Thursday, 3 May 2012 17:42:35 UTC