AW: June Change Proposal, de-identified from Thomas Schauf on 2013-06-26 (public-tracking@w3.org from June 2013)

From: Thomas Schauf <schauf@bvdw.org>
Date: Wed, 26 Jun 2013 16:03:26 +0000
To: "Roy T. Fielding" <fielding@gbiv.com>, "public-tracking@w3.org Mailing List" <public-tracking@w3.org>
Message-ID: <EF36F5EBBFF0634BBAA37CF2B2DB2A42687A3A3B@BVDWDC1.dmmv.local>

On issue 188 the existing text in sec. 2.8 is pretty unclear: "has achieved a reasonable level of justified confidence"
I would like to make a proposal which is more European/German legal language:

Data is deidentified when a party:
1. data that has been collected, altered or otherwise processed so that it of itself cannot be attributed to a data subject without the use of additional data which is subject to separate and distinct technical and organisational controls to ensure such non attribution, or that such attribution would require a disproportionate amount of time, expense and effort.

KR, Thomas


Thomas Schauf
Head of European & International Affairs



Bundesverband Digitale Wirtschaft (BVDW) e.V. - German Association for the Digital Economy
Berliner Allee 57, D-40212 Düsseldorf
Fon: +49 (0)211 600456-16
Fax: +49 (0)211 600456-33
schauf@bvdw.org
www.bvdw.org

President: Matthias Ehrlich
Vice-Presidents: Christoph N. v. Dellingshausen, Harald R. Fortmann, Achim Himmelreich, Ulrich Kramer, Burkhard Leimbrock
Managing Director: Tanja Feller

Local Court Düsseldorf, VR 8358
__________________________________________________
The contents of this email is solely for the intended addressee. If you received this e-mail received erroneously, please immediately notify the sender. Please delete this e-mail entirely.


-----Ursprüngliche Nachricht-----
Von: Roy T. Fielding [mailto:fielding@gbiv.com] 
Gesendet: Mittwoch, 26. Juni 2013 10:16
An: public-tracking@w3.org Mailing List
Betreff: June Change Proposal, de-identified

This is ISSUE-188

The definition of de-identified does not capture the discussion we had on list regarding anonymous data and the unnecessary burden of contracts.  It also uses old terms like "consumer"
and "computer" that we don't need, and is phrased in terms of the process of de-identification (what a party must do) rather than the state of the data after de-identification has completed.

Existing text in Sec 2.8:
============================
Data is deidentified when a party:

 1. has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device;  2. commits to try not to reidentify the data; and  3. contractually prohibits downstream recipients from trying to re-identify the data.
============================


Replacement:
============================
A data set is considered de-identified when there exists a reasonable level of justified confidence that the data within it cannot be used to infer information about, or otherwise be linked to, a particular user.
============================

....Roy

Received on Wednesday, 26 June 2013 16:03:55 UTC