- From: Peter Swire <peter@peterswire.net>
- Date: Tue, 2 Apr 2013 08:25:55 -0700
- To: "<public-tracking@w3.org> Working Group" <public-tracking@w3.org>
- Message-ID: <CD807087.74BA5%peter@peterswire.net>
Wednesday call April 3, 2013

---------------------------
Administrative
Chair: Peter Swire
---------------------------

1. Confirmation of scribe – glad to accept volunteer in advance

2. Offline-caller-identification: If you intend to join the phone call, you must either associate your phone number with your IRC username once you've joined the call (command: "Zakim, [ID] is [name]" e.g., "Zakim, ??P19 is schunter" in my case), or let Nick know your phone number ahead of time. If you are not comfortable with the Zakim IRC syntax for associating your phone number, please email your name and phone number to npdoty@w3.org. We want to reduce (in fact, eliminate) the time spent on the call identifying phone numbers. Note that if your number is not identified and you do not respond to off-the-phone reminders via IRC, you will be dropped from the call.

---------------------------
Compliance Spec
---------------------------

3. ACTION-368: Service Provider. Seek to get to Pending Review – Stable. Chris Pedigo has indicated that he will circulate a slightly revised definition before Wednesday’s call. His last round of text: http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0057.html

4. ACTION-373: Append. Text proposed by John Simpson and Alan Chapell, with concurrence by Jeff Chester.

Normative: When DNT:1 is received:

-- A 1st Party MUST NOT combine or otherwise use identifiable data received from another party with data it has collected while a 1st Party.
-- A 1st Party MUST NOT share identifiable data with another party unless the data was provided voluntarily by the user and is necessary to complete a business transaction with the user.
-- A Party MUST NOT use data gathered while a 1st Party when operating as a 3rd Party.

Non-Normative: When DNT:1 is received, a 1st Party retains the ability to customize content, services, and advertising only within the context of the first party experience.
A 1st party takes the user interaction outside of the 1st party experience if it receives identifiable data from another party and uses that data for customization of content, services, or advertising.

When DNT:1 is received the 1st Party may continue to utilize user provided data in order to complete or fulfill a user initiated business transaction such as fulfilling an order for goods or a subscription.

When DNT:1 is received and a Party has become a 3rd Party it is interacting with the user outside of the 1st Party experience. Using data gathered while a 1st party is incompatible with interaction as a third party.

Chris Pedigo gave five examples on data append in September, 2012, which are useful to consider in light of the proposed language: http://www.w3.org/2011/tracking-protection/track/actions/229

5. ACTION-376: First Party and Multiple First Parties. Seek to get to Pending Review – Stable.

In a specific network interaction, a party with which the user intentionally interacts is a first party. In most cases on a traditional web browser, the first party will be the party that owns and operates the domain visible in the address bar. The party that owns and operates or has control over a branded/labelled embedded widget, search box, or similar service with which a user intentionally interacts is also considered a First Party. If a user merely mouses over, closes, or mutes such content, that is not sufficient interaction to render the party a first party.
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#first-party

Justin Brookman’s proposed text on multiple first parties: http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0053.html

Rob Sherman’s earlier proposed text: http://lists.w3.org/Archives/Public/public-tracking/2012Nov/0075.html

6. ACTION-371: De-identification. There has been considerable traffic on the list about this topic.
Dan Auerbach has drafted text, and the goal is to see if we can go to Pending Review – Stable on normative and non-normative text. Dan’s latest version:

Normative text:

Data can be considered sufficiently de-identified to the extent that it has been deleted, modified, aggregated, anonymized or otherwise manipulated in order to achieve a reasonable level of justified confidence that the data cannot reasonably be used to infer information about, or otherwise be linked to, a particular user, user agent, or device.

Non-normative text:

Example 1. In general, using unique or near-unique pseudonymous identifiers to link records of a particular user, user agent, or device within a large data set does NOT provide sufficient de-identification. Even absent obvious identifiers such as names, email addresses, or zip codes, there are many ways to gain information about individuals based on pseudonymous data.

Example 2. In general, keeping only high-level aggregate data across a small number of dimensions, such as the total number of visitors of a website each day broken down by country (discarding data from countries without many visitors), would be considered sufficiently de-identified.

Example 3. Deleting data is always a safe and easy way to achieve de-identification.

Remark 1. De-identification is a property of data. If data can be considered de-identified according to the “reasonable level of justified confidence” clause of (1), then no data manipulation process needs to take place in order to satisfy the requirements of (1).

Remark 2. There are a diversity of techniques being researched and developed to de-identify data sets [1][2], and companies are encouraged to explore and innovate new approaches to fit their needs.

Remark 3. It is a best practice for companies to perform “privacy penetration testing” by having an expert with access to the data attempt to re-identify individuals or disclose attributes about them.
The expert need not actually identify or disclose the attribute of an individual, but if the expert demonstrates how this could plausibly be achieved by joining the data set against other public data sets or private data sets accessible to the company, then the data set in question should no longer be considered sufficiently de-identified and changes should be made to provide stronger anonymization for the data set.

[1] https://research.microsoft.com/pubs/116123/dwork_cacm.pdf
[2] http://www.cs.purdue.edu/homes/ninghui/papers/t_closeness_icde07.pdf

7. ACTION-372, service providers and debugging. David Wainberg has submitted text, with Jonathan Mayer comments on the list.

6.1.1.2.7 Debugging

Information may be collected, retained and used for identifying and repairing errors that impair existing intended functionality.

Non-normative addition: This provision includes use of data by service providers from across multiple clients simultaneously for the limited purpose of system debugging.

http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0174.html

8. Announce next meeting & adjourn

================
Infrastructure
=================

Zakim teleconference bridge:
VoIP: sip:zakim@voip.w3.org
Phone +1.617.761.6200 passcode TRACK (87225)
IRC Chat: irc.w3.org, port 6665, #dnt

*****
Professor Peter P. Swire
C. William O'Neill Professor of Law
Ohio State University
240.994.4142
www.peterswire.net
Received on Tuesday, 2 April 2013 15:26:22 UTC
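The de-identification text in item 6 above (Example 1, Example 2 and the "privacy penetration testing" of Remark 3) can be illustrated with a small script. This is an added example, not part of the agenda or of the Working Group's drafts; the visit log, the auxiliary registry, the quasi-identifier columns and the function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: a pseudonymous visit log. The token stands in for a
# cookie or device id; no names or emails are present (cf. Example 1).
VISITS = [
    {"pid": "a91f", "country": "US", "zip": "43210", "birth_year": 1975},
    {"pid": "a91f", "country": "US", "zip": "43210", "birth_year": 1975},
    {"pid": "b207", "country": "US", "zip": "43210", "birth_year": 1982},
    {"pid": "c3d8", "country": "DE", "zip": "10115", "birth_year": 1990},
    {"pid": "d44e", "country": "US", "zip": "60601", "birth_year": 1982},
    {"pid": "e551", "country": "FR", "zip": "75001", "birth_year": 1968},
]

# Constructed auxiliary data set of the kind Remark 3 has in mind (a public
# registry): identified people sharing the same quasi-identifiers.
AUX = [
    {"name": "Person A", "zip": "43210", "birth_year": 1975},
    {"name": "Person B", "zip": "43210", "birth_year": 1982},
    {"name": "Person C", "zip": "43210", "birth_year": 1982},
    {"name": "Person D", "zip": "10115", "birth_year": 1990},
]

def linkable_pseudonyms(visits, aux, keys=("zip", "birth_year")):
    """Privacy penetration test (Remark 3): join the visit log to the
    auxiliary data on the quasi-identifiers. A pseudonym whose tuple matches
    exactly one auxiliary record is plausibly re-identifiable; the data set
    then fails the 'sufficiently de-identified' bar. Returns {pid: name}."""
    by_key = defaultdict(list)
    for row in aux:
        by_key[tuple(row[k] for k in keys)].append(row["name"])
    linked = {}
    for row in visits:
        candidates = by_key.get(tuple(row[k] for k in keys), [])
        if len(candidates) == 1:  # unique match: this pseudonym is linkable
            linked[row["pid"]] = candidates[0]
    return linked

def country_visitor_counts(visits, min_visitors=2):
    """Example 2: keep only a high-level aggregate (distinct visitors per
    country) and discard countries with few visitors, since a count of one
    would single out an individual."""
    visitors = defaultdict(set)
    for row in visits:
        visitors[row["country"]].add(row["pid"])
    return {c: len(p) for c, p in visitors.items() if len(p) >= min_visitors}

if __name__ == "__main__":
    print(linkable_pseudonyms(VISITS, AUX))  # {'a91f': 'Person A', 'c3d8': 'Person D'}
    print(country_visitor_counts(VISITS))    # {'US': 3}; DE and FR are suppressed
```

Two of the five pseudonyms are uniquely linkable through the join, so the raw log would not meet the proposed bar; the per-country aggregate with small-count suppression carries no pseudonym or quasi-identifier left to join on.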