- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 26 Jun 2013 01:16:25 -0700
- To: "public-tracking@w3.org Mailing List" <public-tracking@w3.org>
This is ISSUE-188 The definition of de-identified does not capture the discussion we had on list regarding anonymous data and the unnecessary burden of contracts. It also uses old terms like "consumer" and "computer" that we don't need, and is phrased in terms of the process of de-identification (what a party must do) rather than the state of the data after de-identification has completed. Existing text in Sec 2.8: ============================ Data is deidentified when a party: 1. has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device; 2. commits to try not to reidentify the data; and 3. contractually prohibits downstream recipients from trying to re-identify the data. ============================ Replacement: ============================ A data set is considered de-identified when there exists a reasonable level of justified confidence that the data within it cannot be used to infer information about, or otherwise be linked to, a particular user. ============================ ....Roy
Received on Wednesday, 26 June 2013 08:16:48 UTC