- From: Peter Swire <peter@peterswire.net>
- Date: Tue, 12 Feb 2013 10:48:56 -0800
- To: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <CD3FF7EA.6E22B%peter@peterswire.net>
Hello DNT folks:
We reconvene shortly at 2:00 p.m. eastern. The initial segment will be a read-out on the de-identification small groups, with outline below.
After that, I will take some time to lay out a general path forward on the compliance spec. This will include discussion of the specifics of a number of topics in the bare-bones spec, taken together as an integrated overall approach on how to proceed.
Peter
------
Working group read-out:

Q: what term to use?
  large consensus to use “de-identified” rather than “unlinkable”

Q: FTC text as base language?
  a lot of support for that, at least as strong presumption
  similar to DAA language
  similar to EU practice
  issue: need to “promise” separately vs. say “won’t” reID as part of overall DNT standard

Q: Use cases that don’t qualify as “de-identified”?
  1. UD-ID on smartphone – not deID
  2. File contains explicit PII – not deID
  3. URL history, does contain some identifier (phone, email) – not deID
  4. URL history, but not sure what’s in it, and no reasonably justified confidence that identifiers removed – not deID

Q: Create separate category in standard for “pseudonymized”?
  no group showed clear support for building/defining this category into the standard
  possible non-normative language about role for organizational/administrative controls to complement technical controls

Professor Peter P. Swire
C. William O'Neill Professor of Law
Ohio State University
240.994.4142
www.peterswire.net
Received on Tuesday, 12 February 2013 18:49:25 UTC