- From: Edward W. Felten <felten@CS.Princeton.EDU>
- Date: Tue, 9 Jul 2013 13:49:01 -0400
- To: Thomas Roessler <tlr@w3.org>
- Cc: Jack Hobaugh <jack@networkadvertising.org>, "<public-tracking@w3.org>" <public-tracking@w3.org>, Nicholas Doty <npdoty@w3.org>
- Message-ID: <CANZBoGh2fuHWCfN7x7n=2tZj7juWM+xPZbuDH-QMCKk6Kpmuxg@mail.gmail.com>
It would also be useful to know the rationale for the changes you are proposing. How does changing "data" to "URL data cross websites or Unique ID" affect the scope of the term? Why do you think it makes sense to (presumably) narrow the scope in this way? On Tue, Jul 9, 2013 at 11:58 AM, Thomas Roessler <tlr@w3.org> wrote: > Jack, > > were you planning to address my clarification questions from this note? > http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0005.html > > In particular, I'd like to understand why, for the principles in section > 5, you're talking about de-identified data, but for the retention limit, > you're talking about de-identified and delinked. That seems odd -- I'd > expect those two points to be in synch... > > Thanks, > > Thomas Roessler, W3C <tlr@w3.org> (@roessler) > > > > > On 2013-07-09, at 17:51 +0200, Jack Hobaugh <jack@networkadvertising.org> > wrote: > > Dear Colleagues, > > The following consensus industry amendments to the DAA June 26 submission > are proposed to provide further clarification to the June 26 submission. > > We look forward to discussing the June 26 submission and these amendments. > > Amendment # 1: > > Data is *deidentified* when a party:**** > > 1. has taken reasonable steps to ensure that the *URL* data *across > websites or Unique ID* cannot reasonably be re-associated or connected to > a specific user, computer, or device; **** > > 2. has taken reasonable steps to protect the non-identifiable nature of > data if it is distributed to non-affiliates and obtain satisfactory written > assurance that such entities will not attempt to reconstruct the data in a > way such that an individual may be re-identified and will use or disclose > the de-identified data only for uses as specified by the entity.**** > > 3. has taken reasonable steps to ensure that any non-affiliate that > receives de-identified data will itself ensure that any further > non-affiliate entities to which such data is disclosed agree to the same > restrictions and conditions.**** > > 4. will commit to not purposely sharing this data publicly.**** > > Data is *delinked* when a party:**** > > 1. has achieved a reasonable level of justified confidence that data has > been de-identified and cannot be internally linked to a specific user, > computer, or other device within a reasonable timeframe;**** > > 2. has taken reasonable steps to ensure that data cannot be reverse > engineered back to identifiable data without the need for operational or > administrative controls. > Amendment # 2: > > Tracking is the collection and retention, or use of a user’s browsing > activity – the domains or URLs visited across non-affiliated websites --linked to a specific user, > computer, or device. > Amendment # 3: > > The first party *MUST NOT* pass information without consent about this > network interaction to third parties who could not collect or use the > data themselves when DNT:1 is received. Information about the transaction > *MAY* be passed on to service providers acting on behalf of the first > party > > Best regards, > > Jack > * > Jack L. Hobaugh Jr > *Network Advertising Initiative | Counsel & Senior Director of Technology > 1634 Eye St. NW, Suite 750 Washington, DC 20006 > P: 202-347-5341 | jack@networkadvertising.org > > > > > > > -- Edward W. Felten Professor of Computer Science and Public Affairs Director, Center for Information Technology Policy Princeton University 609-258-5906 http://www.cs.princeton.edu/~felten
Received on Tuesday, 9 July 2013 17:49:47 UTC