- From: Peter Cranstone <peter.cranstone@3pmobile.com>
- Date: Fri, 11 Jan 2013 17:43:31 +0000
- To: Joseph Lorenzo Hall <joe@cdt.org>
- CC: Peter Swire <peter@peterswire.net>, Deven McGraw <deven@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <2A61AB2B87BB9342ABE5E22B2CA93C3E15943612@mbx022-e1-nj-10.exch022.domain.local>
Here's a suggestion for discussion. As it's 'My' data why can't I decide what to do with it? Why does the server/content provider get to decide? My definition of Privacy is very simple - Privacy is My ability to control the 'Collection, Flow and Use' (CFU) of my private data. I should be able to indicate to the content provider in real time not only my Privacy intentions but also exactly what you can and cannot do with that data.

For DNT to work (at least for the advertisers to accept it) it will have to include an exception mechanism. The current design of the exception mechanism may be great for wifi but over cellular on mobile there's a lot more traffic. Why not simply allow the user to 'express not only a privacy intention' but also an intention about the use of that data. By allowing the user to set this 'before' transmission you save considerable bandwidth. All that is required is a little more context in the current DNT signal value.

Peter

_________________________
Peter J. Cranstone
CEO. 3PMobile
Boulder, CO USA
Improving the Mobile Web Experience
Cell: 720.663.1752
www.3pmobile.com

On Jan 11, 2013, at 10:26 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:

Hi Peter!

I read the UK ICO paper recently -- which in no way means I'm prepared to brief the group!

The ICO paper is pretty broad and focuses on publishing anonymized data. One of the big differences I found, as a techie, was in the appendices of the ICO report; there they discuss more and more technical de-ID strategies compared to the HHS document's focus on suppression (redaction), generalization (abbreviation, aggregation) and perturbation. For example, the ICO document talks about resampling, swapping, etc.

I also found its more broad treatment of the ethics of publishing data at all as well as a suggestion to do "pen-testing" like re-identification exercises to be interesting (there's a flow chart on p. 37 that incorporates the guidance from the document rather well).

best, Joe

On Fri Jan 11 11:48:46 2013, Peter Swire wrote:

Hello DNT folks:

In response to a question, yes there will be the usual Working Group call on Wednesday, January 16. The call will include a presentation on the de-identification guidelines issued by the U.S. Department of Health and Human Services in November, 2012. Deven McGraw of CDT was deeply involved in that process, and has agreed to present on that subject.

Another major 2012 document on de-identification was a report of the UK Information Commissioner Office, with guidelines for anonymisation under UK and EU law. Is there someone in the group, or known to the group, who has materials prepared on these guidelines and would be able to brief the group on them? If someone is able to do that for this Wednesday, we could do roughly half the call on each one.

Discussion below on why these documents provide good background for our discussion of delinking/de-identification.

Best,

Peter

======

Background reading on de-identification:

(1) United Kingdom, Information Commissioner's Office, "Anonymisation: Managing Data Protection Risk Code of Practice." (2012). This is the first code of practice on anonymisation published by an EU data protection authority.
http://www.ico.gov.uk/for_organisations/data_protection/topic_guides/~/media/documents/library/Data_Protection/Practical_application/anonymisation_code.ashx

(2) U.S. Department of Health and Human Services, "Guidance Regarding Methods of De-Identification of Protected Health Information in Accordance with the HIPAA Privacy Rule." (2012).
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/hhs_deid_guidance.pdf

Here is an explanation for why I have selected these two documents to assist in our examination of de-identification issues. Both of them are written by established government agencies that have years of experience with de-identification. Both agencies sought and received public comments in the preparation of the reports, from a range of stakeholders.

Selection of these documents is not intended to endorse the reports or claim that their recommendations should be applied directly to Do Not Track. For the HHS report, one might assert that it is stricter than should apply to DNT, because medical data is usually considered more sensitive than advertising data. On the other hand, perhaps the HHS report is less strict than appropriate for DNT, because entities covered by the HIPAA rules have comprehensive privacy obligations that do not apply to other U.S. firms.

Similarly, for the ICO report, one might argue that it is stricter than appropriate for DNT, because many entities covered by DNT are not subject to the comprehensive legal regime of the EU Data Protection Directive. By contrast, one might argue that the ICO report is not as strict as appropriate. I have been told, for instance, that the Dutch approach is stricter than the ICO report, although I have not seen any document that explains the Dutch approach. If someone in the Working Group is aware of such a document, that could be helpful.

Here are two other governmental reports that provide additional background for those who wish to dig deeper:

1. Health System Use Technical Advisory Committee, "Best Practice Guidelines for Managing the Disclosure of De-Identified Health Information." 2010. This document was drafted by a multi-stakeholder group led by Canadian federal/provincial/territorial ministries of health.
http://www.ehealthinformation.ca/documents/de-idguidelines.pdf

2. Federal Committee on Statistical Methodology, "Statistical Policy Working Paper 22, Report on Statistical Disclosure Limitation Methodology." 2005. The U.S. government for decades has released statistical information while seeking to prevent re-identification, such as for Census results. This paper is the current inter-agency policy document for how to manage the risks of re-identification.
http://www.fcsm.gov/working-papers/SPWP22_rev.pdf

I welcome others on the WG to suggest background reading on delinking/de-identification, as we lead up to face-to-face discussion on the topic in Boston in February.

Peter

Professor Peter P. Swire
C. William O'Neill Professor of Law
Ohio State University
240.994.4142
www.peterswire.net

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
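Joe's message names three de-identification strategies from the HHS guidance: suppression (redaction), generalization (abbreviation, aggregation) and perturbation. The following is an added illustration, not code from the thread, from the W3C group, or from the HHS or ICO documents. It applies each transform to a handful of constructed records and adds a small equivalence-class check over the quasi-identifiers (the smallest group size, i.e. the k of k-anonymity), which is the quantity a "re-identification exercise" of the kind Joe mentions would look at first. The field names, ZIP codes, ages and the 3-digit / 10-year generalization widths are assumptions chosen for the example, not rules taken from either guidance document.

```python
"""De-identification transforms on constructed sample records.

Added example, not from the mailing-list thread or the HHS/ICO guidance.
Demonstrates suppression (redaction), generalization (truncation and
banding) and perturbation (bounded noise), and measures the smallest
equivalence class over the quasi-identifiers before and after.
"""
import random
from collections import Counter

# Constructed sample records; field names, values and people are invented.
RECORDS = [
    {"name": "A. Example", "zip": "80302", "age": 34, "dx": "flu"},
    {"name": "B. Example", "zip": "80303", "age": 36, "dx": "flu"},
    {"name": "C. Example", "zip": "80301", "age": 31, "dx": "asthma"},
    {"name": "D. Example", "zip": "80305", "age": 38, "dx": "asthma"},
    {"name": "E. Example", "zip": "80210", "age": 52, "dx": "flu"},
    {"name": "F. Example", "zip": "80211", "age": 57, "dx": "flu"},
]

# Assumed classification: "name" identifies outright; zip and age are
# quasi-identifiers that only identify in combination with outside data.
DIRECT_IDENTIFIERS = {"name"}
QUASI_IDENTIFIERS = ("zip", "age")


def suppress(record, fields=DIRECT_IDENTIFIERS):
    """Suppression: drop fields that identify a person outright."""
    return {k: v for k, v in record.items() if k not in fields}


def generalize(record, zip_digits=3, age_band=10):
    """Generalization: keep a ZIP prefix and replace age with a band.

    The 3-digit / 10-year widths are example parameters, not guidance values.
    """
    out = dict(record)
    z = record["zip"]
    out["zip"] = z[:zip_digits] + "*" * (len(z) - zip_digits)
    lo = (record["age"] // age_band) * age_band
    out["age"] = f"{lo}-{lo + age_band - 1}"
    return out


def perturb(record, rng, max_shift=3):
    """Perturbation: add bounded random noise to the numeric age field.

    Must run before generalization (it needs the integer age). A fixed seed
    is only for reproducible tests; a release pipeline would not reuse one.
    """
    out = dict(record)
    out["age"] = record["age"] + rng.randint(-max_shift, max_shift)
    return out


def min_group_size(records, quasi_ids=QUASI_IDENTIFIERS):
    """Smallest equivalence class over the quasi-identifier combination.

    A class of size 1 means that value combination is unique in the data set,
    so a record linked to an outside source singles out exactly one person.
    """
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return min(groups.values())


def deidentify(records, seed=None):
    """Suppress, then perturb, then generalize each record."""
    rng = random.Random(seed)
    return [generalize(perturb(suppress(r), rng)) for r in records]


if __name__ == "__main__":
    print("smallest class before:", min_group_size(RECORDS))
    released = deidentify(RECORDS, seed=1)
    print("smallest class after: ", min_group_size(released))
    for r in released:
        print(r)
```

On the constructed data every (zip, age) pair is unique before any transform, so the smallest class is 1; after generalization the four Boulder-area records share "803**" / "30-39" and the two others share "802**" / "50-59", so no released record is unique on those fields. The check is only as good as the choice of quasi-identifiers; a column left out of QUASI_IDENTIFIERS is invisible to it.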
Attachments
- image/jpeg attachment: Signature_Logo.jpeg
Received on Friday, 11 January 2013 17:44:00 UTC