Re: summary: data retention call

On 06/03/2013 01:49 PM, Thomas Roessler wrote:
> We met today to further discuss data retention for permitted uses, following up on the lunch table discussion in Sunnyvale.
>
>
>
> Minutes are available:
> 	http://www.w3.org/2013/06/03-dnt-minutes.html
>
>
> 1. Points of general agreement from the face-to-face:
>
> - third parties must provide public transparency re: retention for permitted uses
> - there could be different retention periods for different Permitted Uses
> - post retention period, data is destroyed or otherwise rendered anonymous / deidentified / ...
> - there is disagreement about a proposal to normatively include specific numbers
It wasn't discussed so much in the meeting, but just to clarify the
position that I have (and believe to be Aleecia's position too): we are
not suggesting that normative language is used to force retention
numbers; instead, the idea is to have guiding numbers with the carve-out
that companies who need longer periods need merely to disclose that, and
possibly provide a bit of justification in their privacy policies.

>
> There was also agreement in Sunnyvale that data retention for permitted uses must be proportionate, though I forgot to mention that point on the call.
>
>
> 2. Transparency for retention periods
>
> - agreement that disclosures should say "data XYZ is retained for permitted use UVW for time ABC"
> - agreement that the nature of "data XYZ" should be somewhere in the middle between P3P-type granularity and "we keep data about the user"
> - disagreement what that looks like exactly
> - disagreement whether data currently shared in privacy policies is adequate
>
> As a follow-up item, if people can give a sense what additional data might be useful (while staying in "middle ground" territory), or what else they think might be needed to get closer to consensus, then that would be useful to put on the table.
>
>
> 3. Information sharing within the group
>
> - Dan Auerbach called out financial logging, audit, security as permitted uses where he thought more data might be needed; frequency capping probably ok.
> - sentiment from industry participants that they would expect to share the same data within the group as in public
> - Offered W3C staff anonymizing information, or providing a W3C member confidential forum for additional information sharing.
> - General preference for private 1:1 conversations over any of these, therefore not pursuing further.
My preference is for companies to share publicly. But in light of clear
signals that this won't happen, I think 1:1 is the only way towards
potentially useful information sharing.
>
>
> 4. Numbers or not?
>
> Time was up; we'll reconvene specifically on this point.
>
> Thomas Roessler, W3C <tlr@w3.org> (@roessler)

Received on Monday, 3 June 2013 22:33:07 UTC