Re: ACTION-371: text defining de-identified data

I agree, and think it is more specific and accurate than just saying
"device". I was hoping to clarify in my last email only that this means
a _particular_ user agent; I really think it's clear enough from
context, though, reading it again.

On 03/12/2013 01:24 PM, John Simpson wrote:
> Dan,
> I share Kevin's view.
> John
>
> On Mar 12, 2013, at 11:03 AM, Kevin Kiley <kevin.kiley@3pmobile.com
> <mailto:kevin.kiley@3pmobile.com>> wrote:
>
>> Dan,
>>  
>> In case I wasn't being clear in my last post, I (personally) believe that
>> User-agent should **not** be removed from the proposed text.
>>  
>> I actually don't think it would do any harm to **add** the word 'Computer'
>> as well ( which is present in the current FTC definition ) so it reads like this…
>>  
>> Normative text:
>>  
>> Data can be considered sufficiently de-identified to the extent that it
>> has been deleted, modified, aggregated, anonymized or otherwise
>> manipulated in order to achieve a reasonable level of justified
>> confidence that the data cannot reasonably be used to infer information
>> about, or otherwise be linked to, a particular user, user agent, computer or device.
>>  
>> I think that covers it pretty well, and **no** 'clarifying text' is necessary.
>>  
>> Just my 2 cents.
>>  
>> Kevin Kiley
>>  
>>  
>> Previous message(s)…
>>  
>> Dan,
>>  
>> Perhaps you can add text clarifying this perspective or, much like the FTC, suffice with "device" which I believe more than covers what you're looking for here.
>>  
>> - Shane
>>  
>> From: Dan Auerbach [mailto:dan@eff.org <mailto:dan@eff.org?Subject=RE%3A%20ACTION-371%3A%20text%20defining%20de-identified%20data&In-Reply-To=%253CDCCF036E573F0142BD90964789F720E31365EC29%40GQ1-EX10-MB03.y.corp.yahoo.com%253E&References=%253CDCCF036E573F0142BD90964789F720E31365EC29%40GQ1-EX10-MB03.y.corp.yahoo.com%253E>]
>> Sent: Tuesday, March 12, 2013 8:57 AM
>> To: public-tracking@w3.org <mailto:public-tracking@w3.org?Subject=RE%3A%20ACTION-371%3A%20text%20defining%20de-identified%20data&In-Reply-To=%253CDCCF036E573F0142BD90964789F720E31365EC29%40GQ1-EX10-MB03.y.corp.yahoo.com%253E&References=%253CDCCF036E573F0142BD90964789F720E31365EC29%40GQ1-EX10-MB03.y.corp.yahoo.com%253E>
>> Subject: Re: ACTION-371: text defining de-identified data
>>  
>> Shane and Kevin -- The phrase "user agent" in the text is intended to refer to a particular user agent (not "Chrome 26" but rather "the browser running on Dan's laptop". I hoped that would be clear from context, but if it's not we can clarify. I may not be able to identify your device per se, but can identify that this is the same browser as I saw before. I think this is the case with using cookies, for example. It seems more accurate to me than lumping it all under "device", and appropriate since the text of our document is elsewhere focused on user agents, unlike the FTC text.
>>  
>> Best,
>> Dan
>>  
>> On 03/12/2013 12:19 AM, Kevin Kiley wrote:
>> >> Shane Wiley wrote...
>> >> I had removed "user agent" in the suggested edit as this could be something as generic as "Chrome 26".
>>  
>> It can also be something VERY specific... and tell you a LOT about the Computer/OS/Device being used.
>>  
>> In the case of Mobile... it will pretty much tell you EXACTLY what 'Device' is being used.
>>  
>> >> The FTC likewise does not use "user agent" in their definition.
>>  
>> That's true... but BOTH definitions (W3C and FTC) currently mention 'Device'... and the FTC
>> reports go to great lengths about how important it is to exclude any knowledge of 'the Device'
>> from the de-identified data ( especially in the case of 'Mobile Devices' ).
>>  
>> Kevin Kiley
>>  
>


-- 
Dan Auerbach
Staff Technologist
Electronic Frontier Foundation
dan@eff.org
415 436 9333 x134

Received on Tuesday, 12 March 2013 20:36:03 UTC