Re: June change proposal: permitted uses from Nicholas Doty on 2013-07-08 (public-tracking@w3.org from July 2013)

From: Nicholas Doty <npdoty@w3.org>
Date: Mon, 8 Jul 2013 17:18:04 -0400
To: Dan Auerbach <dan@eff.org>
Cc: public-tracking@w3.org
Message-Id: <B67A134D-6BF7-4193-B4CE-F166D8584A59@w3.org>

On Jul 8, 2013, at 1:56 PM, Dan Auerbach <dan@eff.org> wrote:

> On 06/28/2013 11:36 AM, Nicholas Doty wrote:
>> Hi Dan,
>> 
>> I've tried to split out this proposal into what seem to be two key changes: 
>> (1) limitations on the retention and use of unique identifiers
>> (2) retention limits, extensible with justification
>> 
>> ISSUE-199 was already created and closely tracks the first; I've moved it to the June Compliance product. I've also created ISSUE-211 for the second: Should we specify retention periods (extended with transparency) for permitted uses?
>> 
>> And I've added two change proposals to the wiki to capture these two changes. I'm hopeful that splitting them up in this way will help the group understand the parts of the proposal and let us combine proposals that address the same questions.
>> 
>> http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Unique_Identifiers
>> http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Retention_Permitted_Uses
>> 
>> Your proposal used the same language on unique identifiers in several sections, and I've tried to just add that sentence and describe where it applies -- did you intend it for all permitted uses, or just all except for debugging?
> 
> Thanks for your continuous hard work, Nick. I apologize for the delay responding -- was on vacation. If debugging is sufficiently limited in scope and data retention is short, then I don't think there's a need for that extra sentence on unique identifiers. While the vast majority of debugging likely does not need to use unique identifiers, some forms of debugging might, for example if a site is doing short-term debugging on the process of setting ordinary cookies itself on a small subset of test users. What I want to avoid is the continued use of unique id cookies in general under the auspices of this or any permitted use. Therefore, if the scope of the debugging exception is expanded in certain unacceptable ways, I may suggest that that sentence be added for debugging as well.

Thanks for the clarification, qualified though it might be. I've updated the change proposal on unique identifiers to suggest that this scope would be towards all permitted uses except for short-term debugging.
—Nick

Received on Monday, 8 July 2013 21:19:23 UTC