- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Mon, 15 Oct 2012 12:50:23 -0400
- To: "public-tracking@w3.org" <public-tracking@w3.org>
Hi Rigo - If you truly believe that a near term dirt easy data minimization program is possible (one that works at scale), then yes, let's discuss. May I ask you for a moratorium on the use of examples that have nothing to do with our work here? You may be correct that your data is unsafe at the hands of the U.S. Govt. Unless you can explain how DNT is going to address that issue for you, its not productive to discuss here. On 10/12/12 7:21 PM, "Rigo Wenning" <rigo@w3.org> wrote: >Thanks Shane, for the constructive response. > >On Friday 12 October 2012 14:38:56 Shane Wiley wrote: >> If only... We've been unable to develop a mechanism that works at >> scale and still allows Permitted Uses to operate as intended (aka >> - doesn't create significant business harm). >> >> I love this as an aspirational goal going forward but for DNT to >> be implemented in the near-term, unique identifiers will need to >> continue to exist and instead we should keep our initial focus on >> use-based restrictions. > >Ok, here we have an open challenge. If we find a near term dirt easy >thing to do to minimize data collection and maintain frequency >capping (the only one I see where you want uniqueIDs apart from >financial, which is obviously uncontroversial), we could progress. I >think there were proposals on the table and we have to re-iterate >whether they are suitable. The target is to avoid easy abuse of the >promise made not to use that for profiles. Note that all the >profiling is entirely in the sphere of the service, so I can >understand the lack of total trust that data isn't creatively re- >used with an argumentation of non-identification that could be >controversial. Not having uniqueID avoids that discussion. > >> >> Avoiding valid legal requests (what you call 'Spooks') should NOT >> be a goal of DNT in my opinion. If you don't like the law, then >> work to change the law - not develop technical standards to >> circumvent it. > >First of all, whether such requests are legal is in the eye of the >beholder. As I just learned, my data is not protected against the >government in the US as I'm not a US citizen. And I can affirm you >that yours is not protected in the EU against government either. So >there is some merit in risk management by data minimization that >also helps to reduce the costs of companies confronted with legal >information requests. We can't just dismiss that interference >because it makes too much of the psychological reaction out there to >be ignored. > >Best, > >Rigo > >
Received on Monday, 15 October 2012 16:50:59 UTC