Retention with grace period (ACTION-266)

In the Amsterdam f2f I was given ACTION-266 to suggest retention related to
a timed grace period. I'm trying to figure out how this is fundamentally
different from ISSUE-142 (
https://www.w3.org/2011/tracking-protection/track/issues/142) which we have
fundamentally failed to make progress on.

I'll briefly repeat my general stance, but I really don't want to sound
like a broken record which I feel is something that's becoming an
increasing risk for the working group in general.

I'd like to see an approach where, within the first six weeks of
"collecting" or "being exposed to data", the burden on implementers
(servers) is extremely low. I'd like to see that so that for the majority
of small companies / websites, it's very easy to claim compliance (and thus
broaden adoption of DNT by servers). In my ideal world, you would be able
to "retain" or "collect" data for up to six weeks without any compliance
burden. As long as you discard data from DNT users within 6 weeks (e.g. you
only keep the last 6 weeks of logs at any point), you're done. It
essentially creates a fast path: "If this applies to you, you can stop
reading, you're done."

Sadly, it can't be quite that simple, because if it's a total free-for-all
within the six week period one could simply transfer data to a third party
and say "I'm still in compliance." So, we need some limitations on what can
be done within the first six weeks, but to be very explicit, this DOES NOT
line up precisely with uses of long-term (>6wk) data. If we make it line up
exactly, then the compliance burden becomes the same and we've not achieved
anything.

My concrete proposal is contained in
http://lists.w3.org/Archives/Public/public-tracking/2012May/0030.html

Additionally, I think we need to discuss what an audit for DNT would look
like. My proposal here would be that audits should look at practices as they
relate to long-term data retention only. (If you're keeping data >6 weeks,
you must show that your use matches what is stated in whatever policy you
have, and that you have appropriate technical controls in place to ensure
that access to the data is controlled for these uses only.) Within the 6
week period, there's flexibility to get your data from its original logging
sources/formats into the system of controls you have in place for long-term
data, and the "audit" is a noop unless someone has provided evidence that
you're doing something prohibited by
http://lists.w3.org/Archives/Public/public-tracking/2012May/0030.html in
the six week period (e.g. transferring data to a third party).

If someone believes this action was somehow materially different from
ISSUE-142 / ACTION-190 I'm all ears.

Received on Wednesday, 24 October 2012 16:53:59 UTC