- From: イアンフェッティ <ifette@google.com>
- Date: Wed, 24 Oct 2012 09:53:31 -0700
- To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-ID: <CAF4kx8fLXN8yROfbP9UQ3tLR_3U7OWBo+sWdMTYupMgJAzeArA@mail.gmail.com>
In the Amsterdam f2f I was given ACTION-266 to suggest retention related to a timed grace period. I'm trying to figure out how this is fundamentally different from ISSUE-142 (https://www.w3.org/2011/tracking-protection/track/issues/142) which we have fundamentally failed to make progress on. I'll briefly repeat my general stance, but I really don't want to sound like a broken record which I feel is something that's becoming an increasing risk for the working group in general.

I'd like to see an approach where, within the first six weeks of "collecting" or "being exposed to data", the burden on implementers (servers) is extremely low. I'd like to see that so that for the majority of small companies / websites, it's very easy to claim compliance (and thus broaden adoption of DNT by servers). In my ideal world, you would be able to "retain" or "collect" data for up to six weeks without any compliance burden. As long as you discard data from DNT users within 6 weeks (e.g. you only keep the last 6 weeks of logs at any point), you're done. It essentially creates a fast path "If this applies to you you can stop reading, you're done."

Sadly, it can't be quite that simple, because if it's a total free-for-all within the six week period one could simply transfer data to a third party and say "I'm still in compliance." So, we need some limitations on what can be done within the first six weeks, but to be very explicit, this DOES NOT line up precisely with uses of long-term (>6wk) data. If we make it line up exactly, then the compliance burden becomes the same and we've not achieved anything. My concrete proposal is contained in http://lists.w3.org/Archives/Public/public-tracking/2012May/0030.html

Additionally, I think we need to discuss what an audit for DNT would look like. My proposal here would be that audits should look at practices as relate to long-term data retention only. (If you're keeping data >6 weeks, you must show that your use matches what is stated in whatever policy you have, and that you have appropriate technical controls in place to ensure that access to the data is controlled for these uses only.) Within the 6 week period, there's flexibility to get your data from its original logging sources/formats into the system of controls you have in place for long-term data, and the "audit" is a noop unless someone has provided evidence that you're doing something prohibited by http://lists.w3.org/Archives/Public/public-tracking/2012May/0030.html in the six week period (e.g. transferring data to a third party).

If someone believes this action was somehow materially different from ISSUE-142 / ACTION-190 I'm all ears.
Received on Wednesday, 24 October 2012 16:53:59 UTC