Re: June Change Proposal, de-identified

On Jun 26, 2013, at 4:40 AM, Justin Brookman wrote:

> I strongly object to this change, and it is far removed from the discussion we have had on this issue over the last several months.

It is far removed from that discussion, yes.  I objected to that
discussion many times.

>  It would, in fact, completely supersede the discussion we have had on audience measurement, as *any data* could be retained for *any purpose* so long as it were pseudonymized (e.g., not associated with PII).  Some iteration of red/yellow/green would be preferable to this option, but I still think NO CHANGE is appropriate for the deidentification language.

I don't follow that claim at all, though I haven't slept much
for two days and may be missing something subtle.

This definition does not permit (nor forbid) data collection.
It just defines the state at which a given data set can be
considered de-identified.  Simply pseudonymizing the data set
would not meet this definition, AFAICT.

....Roy

> From: Roy T. Fielding [mailto:fielding@gbiv.com]
> To: public-tracking@w3.org Mailing List [mailto:public-tracking@w3.org]
> Sent: Wed, 26 Jun 2013 04:16:25 -0500
> Subject: June Change Proposal, de-identified
> 
> This is ISSUE-188
> 
> The definition of de-identified does not capture the discussion
> we had on list regarding anonymous data and the unnecessary
> burden of contracts. It also uses old terms like "consumer"
> and "computer" that we don't need, and is phrased in terms of
> the process of de-identification (what a party must do) rather
> than the state of the data after de-identification has completed.
> 
> Existing text in Sec 2.8:
> ============================
> Data is deidentified when a party:
> 
> 1. has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device;
> 2. commits to try not to reidentify the data; and
> 3. contractually prohibits downstream recipients from trying to re-identify the data.
> ============================
> 
> 
> Replacement:
> ============================
> A data set is considered de-identified when there exists a reasonable level of justified confidence that the data within it cannot be used to infer information about, or otherwise be linked to, a particular user.
> ============================
> 
> ....Roy

Received on Wednesday, 26 June 2013 13:14:54 UTC