- From: Aleecia M. McDonald <aleecia@aleecia.com>
- Date: Sat, 29 Sep 2012 22:25:44 -0700
- To: John Simpson <john@consumerwatchdog.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-Id: <CA9E0890-18A6-4C45-A381-F93934362079@aleecia.com>
Hi John, Thank you for your suggested new text before the deadline. While we can add this as an option, I would like to remind you that in Boston we heard that aggregate reports of one month spans are an exceedingly common use case for this data. The rationale for six weeks was to add some extra time beyond a rolling four week period, just in case something needs to be re-run or otherwise needs a little extra time. During our discussions in Boston, I remember Peter being able to live with six weeks as reasonable for privacy, and many in industry able to live with six weeks as reasonable time for processing. We were exceedingly close to consensus on this point. Two weeks' notice for leaving a job is an interesting concept, but is also a cultural construct. I hear that in some European countries, 3 or 6 months' notice is common. I am not convinced this is a relevant metric for our work here on log files. If you have new information to present to the group with substantive reasons for why two weeks rather than six weeks, this would be a good time to discuss that information. Aleecia On Sep 28, 2012, at 4:13 PM, John Simpson <john@consumerwatchdog.org> wrote: > Sure, David. > > As I understand it what we're talking about here are log files and that sort of thing that are passively collected with any Internet transaction. If DNT is enabled they ought not be retained in unidentifiable form. The question: What is a reasonable time frame for that? > > I came up with two weeks based on an analogy to the sort of common workplace understanding about leaving a job. You give two weeks notice when you quit. You give the boss two weeks two get things in order upon your departure. Here the user is giving the server two weeks notice to get things in order to honor his or her explicit preference about not being tracked. > > > Best, > John > > ---------- > John M. Simpson > Consumer Advocate > Consumer Watchdog > 2701 Ocean Park Blvd., Suite 112 > Santa Monica, CA,90405 > Tel: 310-392-7041 > Cell: 310-292-1902 > www.ConsumerWatchdog.org > john@consumerwatchdog.org > > On Sep 28, 2012, at 3:49 PM, David Wainberg wrote: > >> John, >> >> It might be helpful to provide your basis for suggesting the two week period as a viable option. >> >> -David >> >> >> On 9/28/12 6:33 PM, John Simpson wrote: >>> Aleecia, >>> >>> I would offer this option: >>> >>> Option 3: >>> >>> Operators MAY retain data related to a communication in a third-party context for up to TWO weeks. During this time, operators may render data unlinkable (as described above) or perform processing of the data for any of the other permitted uses >>> >>> ---------- >>> John M. Simpson >>> Consumer Advocate >>> Consumer Watchdog >>> 2701 Ocean Park Blvd., Suite 112 >>> Santa Monica, CA,90405 >>> Tel: 310-392-7041 >>> Cell: 310-292-1902 >>> www.ConsumerWatchdog.org >>> john@consumerwatchdog.org >>> >>> On Sep 28, 2012, at 3:12 PM, David Wainberg wrote: >>> >>>> Aleecia, >>>> >>>> In reviewing this to provide feedback, it occurs to me that it relies on the definition of unlinkable, which is still very much up for debate. How can companies weigh in on these options without understanding what the requirements actually are? We should postpone this poll until we define unlinkable so that companies can give realistic feedback regarding the time and effort needed to meet the requirements. >>>> >>>> Thanks, >>>> >>>> David >>>> >>>> >>>> On 9/25/12 6:20 PM, Aleecia M. McDonald wrote: >>>>> From the call on 12 September, we discussed topics where we have increasing clarity on options for permitted uses. I want to make sure we have the text right to reflect our options prior to doing a decision process with a poll calling for objections, which is responsive to Ian's feedback. We also want to move quickly, as Roy suggests. >>>>> >>>>> Please propose specific alternative text if you believe that the two texts given below do not reflect the options before us by Friday, 28 September. We will briefly review these texts on the call tomorrow, just to make sure no one misses anything, and here we are on the mailing list, for those who cannot make the call. >>>>> >>>>> Aleecia >>>>> >>>>> ----- >>>>> Log files: issue-134 >>>>> ---- >>>>> >>>>> This normative text fits into the section on Third Party Compliance, subsection 6.1.1.1, Short Term Collection and Use, <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#short-term>. We will also want non-normative text, and have some suggested, but that will be clearer once we have the normative text settled. (Options for definitions of unlinkable data are in section 3.6, Unlinkable Data, <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-unlinkable>.) >>>>> >>>>> Option 1: >>>>> Operators MAY retain data related to a communication in a third-party context for up to 6 weeks. During this time, operators may render data unlinkable (as described above) or perform processing of the data for any of the other permitted uses. >>>>> >>>>> Option 2: >>>>> Operators MAY retain data related to a communication in a third-party context. They MUST provide public transparency of their data retention period, which MUST have a specific time period (e.g. not infinite or indefinite.) During this time, operators may render data unlinkable (as described above) or perform processing of the data for any of the other permitted uses. >>>>> >>>>> >>>>> >>>> >>> >> >
Received on Sunday, 30 September 2012 05:26:18 UTC