summary: data retention call

We met today to further discuss data retention for permitted uses, following up on the lunch table discussion in Sunnyvale.



Minutes are available:
	http://www.w3.org/2013/06/03-dnt-minutes.html


1. Points of general agreement from the face-to-face:

- third parties must provide public transparency re: retention for permitted uses
- there could be different retention periods for different Permitted Uses
- post retention period, data is destroyed or otherwise rendered anonymous / deidentified / ...
- there is disagreement about a proposal to normatively include specific numbers

There was also agreement in Sunnyvale that data retention for permitted uses must be proportionate, though I forgot to mention that point on the call.


2. Transparency for retention periods

- agreement that disclosures should say "data XYZ is retained for permitted use UVW for time ABC"
- agreement that the nature of "data XYZ" should be somewhere in the middle between P3P-type granularity and "we keep data about the user"
- disagreement what that looks like exactly
- disagreement whether data currently shared in privacy policies is adequate

As a follow-up item, if people can give a sense what additional data might be useful (while staying in "middle ground" territory), or what else they think might be needed to get closer to consensus, then that would be useful to put on the table.


3. Information sharing within the group

- Dan Auerbach called out financial logging, audit, security as permitted uses where he thought more data might be needed; frequency capping probably ok.
- sentiment from industry participants that they would expect to share the same data within the group as in public
- Offered W3C staff anonymizing information, or providing a W3C member confidential forum for additional information sharing.
- General preference for private  1:1 conversations over any of these, therefore not pursuing further.


4. Numbers or not?

Time was up; we'll reconvene specifically on this pint.

Thomas Roessler, W3C <tlr@w3.org> (@roessler)

Received on Monday, 3 June 2013 20:49:36 UTC