RE: Geolocation

Hei Rigo.

+1 on your observations. The reference to the EPFL/Lausanne research reminded me of associated past work at the NRC Lausanne lab on the Mobile Data Collection Campaign (see http://research.nokia.com/page/11367) which had the goal to track a sizable suburban sample size of smartphone users over a year or so. How to approach this in a privacy-friendly way, yet achieve the goals of creating a research database that still had value for behavioral study purposes? The related research publication (http://sensorlab.cs.dartmouth.edu/phonesense/papers/Aad-NRC.pdf) addressed some of the de-identification of positioning data that has been discussed under this thread.

E.g.,

"GPS coordinates are stored with three different precision levels; we give each research group access to the one that is sufficient for their purposes. The different precisions levels are: complete GPS coordinates, removing the last 2 digits and rounding (which, in Switzerland, results in an accuracy of around 110 m in latitude and 80 m in longitude), removing the last 3 digits and rounding (accuracy of roughly 1 km for Switzerland). The truncated coordinates result in step-like paths which increase the ambiguity level. The resulting ambiguity level depends on the initial geographical area: in rural areas, the step-like paths can be easily mapped back to the (only?) road, and the path ends to the (only?) house. Whereas in dense city centers such truncation results in high ambiguity levels, proportional to the number of streets/flats within the output path "step". An adaptive approach is discussed in Section 5."

I wanted to add that just having a monolithic approach of mapping a geoposition to postal code is not a blanket solution. One size does not fit all.

Frank/

> -----Original Message-----
> From: ext Rigo Wenning [mailto:rigo@w3.org]
> Sent: 18 June, 2013 02:47
> To: public-tracking@w3.org
> Cc: Shane Wiley; David Singer
> Subject: Re: Geolocation
> 
> Location is one of the most sensitive personal data. Just removing text is not OK
> IMHO as people will look for hints on geolocation. That we do not have
> provisions here is fine, but we then need non-normative text on what to do.
> 
> I think that fine grained geolocation use is incompatible with DNT:1. Relying on
> external laws and best practices is not appropriate. We need a minimum
> protection here for those unregulated markets.
> 
> So either use postal code, but not k-anonymity, at least not without specifying
> a minimum area grid:
> http://www.cosic.esat.kuleuven.be/publications/article-1469.pdf
> 
>  --Rigo
> 

Received on Tuesday, 18 June 2013 16:32:01 UTC
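
An added illustration of the coordinate truncation quoted in the message above (not code from the thread or from the cited paper): it rounds a track to fewer decimal places, estimates the size of one rounding cell at a given latitude, and collapses the track into the "step-like" path the quote describes. It assumes that "complete" coordinates carry 5 decimal places and uses a spherical-Earth approximation; the sample track is constructed.

```python
import math

EARTH_RADIUS_M = 6_371_000  # mean Earth radius; spherical approximation (assumption)


def coarsen(lat, lon, decimals):
    """Round a coordinate pair to the given number of decimal places."""
    return (round(lat, decimals), round(lon, decimals))


def cell_size_m(lat, decimals):
    """Approximate (north-south, east-west) size in metres of one rounding cell.

    The east-west size shrinks with cos(latitude), which is why the quoted
    figures differ for latitude and longitude in Switzerland.
    """
    step_rad = math.radians(10 ** -decimals)
    north_south = EARTH_RADIUS_M * step_rad
    east_west = north_south * math.cos(math.radians(lat))
    return north_south, east_west


def coarsen_track(track, decimals):
    """Coarsen every fix and drop consecutive duplicates: the step-like path."""
    steps = []
    for lat, lon in track:
        cell = coarsen(lat, lon, decimals)
        if not steps or steps[-1] != cell:
            steps.append(cell)
    return steps


# Constructed sample: 12 fixes of a short walk near Lausanne (not real data).
TRACK = [(46.51960 + i * 0.00020, 6.63221 + i * 0.00030) for i in range(12)]

if __name__ == "__main__":
    # 5 decimals = "complete" (assumed), 3 = last 2 digits removed, 2 = last 3 removed
    for decimals in (5, 3, 2):
        ns, ew = cell_size_m(46.5, decimals)
        steps = coarsen_track(TRACK, decimals)
        print(f"{decimals} decimals: cell ~{ns:.0f} m x {ew:.0f} m, "
              f"{len(TRACK)} fixes -> {len(steps)} distinct steps")
```

The cell size is fixed by the number of decimals, while the number of roads or homes inside a cell is not, so the same precision level gives very different ambiguity in a rural area and in a city center.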