- From: Kimon Zorbas <vp@iabeurope.eu>
- Date: Tue, 23 Oct 2012 10:10:36 +0000
- To: Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <CCAC38E2.3D7BB%vp@iabeurope.eu>
Hi Walter, I am not aware any of my members using birth dates for display advertising in non-authenticated scenarios. Arguably, this constitutes personal data. I think it is good having such examples to approach business practices vs theoretically possible approaches. On ePrivacy transposition, you can find most legal texts adopted across the EU /EEA on our website, including a map, which shows the different approaches taken by the countries: http://www.iabeurope.eu/knowledge-bank/knowledge-bank/public-affairs.aspx For the German reference, check article 15.3 of the German Telemedia Law – that includes pseudonymisation. Kind regards, Kimon From: Walter van Holst <walter.van.holst@xs4all.nl<mailto:walter.van.holst@xs4all.nl>> Organization: COMECON Date: Tuesday 23 October 2012 11:59 To: "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>> Subject: Re: Linkability & European reality Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>> Resent-Date: Tuesday 23 October 2012 11:59 On 2012-10-23 10:27, Kimon Zorbas wrote: Many countries in Europe will accept many datasets as anonymous, whereas Germany takes (surprise, surprise…) a much stricter approach and only recognises such datasets as pseudonymous. In this context we cannot disregard pseudonymous data. Whether you can link such data and do so in practice (again, I believe theoretical debates are important, but what matters more to consumers and business is the actual practice, i.e. what 95% of companies do) is a question involved stakeholders might interpret differently. Striving towards a concept that takes a "strict US approach" on anonymisation (as I believe you suggest) would create a paradox with the strict data protection regulation in Germany… Dear Kimon, Given that the harmonisation achieved by the Data Protection Directive is suboptimal to say the least, I am not going to doubt your assertion that there is variation across European Data Protection Authorties' opinions on what constitutes 'anonymous' data, despite all the guidance provided by the Article 29 Working Group. Nonetheless it would be helpful if you could provide some references for that assertion, if necessary off-list. entirely disregard. We want one global standard that can respond much better to privacy needs than blanket legislation. Given that the area of what is actually anonymous is governed by the harsh reality of statistics and information theory (the examples Dan gave are particularly enlightening in this regard), I think this should be one of the subjects that should lend itself best for global standardisation. This PhD dissertation deals with the subject: http://cyberwar.nl/d/PhD-thesis_Measuring-and-Predicting-Anonymity_2012.pdf One of its conclusions was that 67% of Dutch citizens are identifiable by their postal code and date of birth alone. I think this illustrates the need for aggressive hashing. Regards, Walter
Received on Tuesday, 23 October 2012 10:11:21 UTC