Re: issue-199


let me focus on the wrapping and less on the content. I think we do 
ourselves a disservice by trying to benefit from the renown of some term 
and to define something surprising/new under it. 

You clearly try to label stock pseudonymization as de-identification 
unless you can tell me otherwise. As far as I understand your concept 
(pointer to some more explanation?), you take an ID you got from a 
device, you replace this ID by a new ID and you have a mapping table 
that one is not supposed to use except to add new content to the 

So now instead of cookie abcdxyz and IP you have YahooID 
schmoozoo321. Both allow you to single out a profile and react on it 
(the term is "discriminate", positive or negative)

What have we gained in protection against discrimination? Nothing. You 
just have exchanged pseudonyms by other pseudonyms. Where is the gain 
that justifies the change in state? 

If we want a truly "yellow" state, there must be some stripping 
happening. Changing IDs that still allow to single out (without 
degrading their granularity) and a promise not to look at the matching 
database is a bit weak to justify the change in state. So for me this is 
still red. 

Accordingly, your definition of de-identification has still too much 
identification in it to tell the world it isn't anymore. That's how 
"de-"identification is generally understood. If identity is the fact of 
being the same person or thing as claimed[1], if identification is 
evidence of identity[2], de-identification will be understood as 
removing the evidence of being the same person. In your definition, this 
is not the case. Of course we could define uphill as 45 degree downwards 
and this way, water would run uphill. But isn't this a bit too cheap? I 
wouldn't dare being seen using that trick. 

That said, I think the idea of having a middle state that allows to do 
things is really good. But your definition and the use of the word "de-
identification" is not doing the trick IMHO.



On Tuesday 09 July 2013 18:29:38 Shane Wiley wrote:
> Deidentification is about removing the association between a unique ID
> (any source:  cookie, digital fingerprint, etc.) and the
> actual/specific user/device.  In this context:
> Red:  actual user/device
> Yellow:  not actual user/device but events are linkable (and only
> usable for analytics/reporting) Green:  not actual user/device and
> events are not linkable (outside the scope of DNT)

Received on Tuesday, 9 July 2013 19:59:56 UTC