W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

Re: TPE Handling Out-of-Band Consent (including ISSUE-152)

From: Ronan Heffernan <ronansan@gmail.com>
Date: Sun, 24 Mar 2013 18:45:12 -0400
Message-ID: <CAHyiW9JhvZ1MyLAOJ_k10PwCNU8SpXvuqK_RtqEr4BzaL_=AGg@mail.gmail.com>
To: Rob van Eijk <rob@blaeu.com>
Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, public-tracking@w3.org, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <justin@cdt.org>
Rob,
   The "secure delete" (or otherwise sufficiently
de-identify/make-unlinkable) is exactly the same as a normal DNT:1 user
(which is MUST, right?), after the allowed OOBC-determination window closes
except for the raw data that is allowed to be kept under other provisions
of the spec (and limited to those specified uses).  I am not suggesting any
new permitted use for raw (non-de-identified/linkable) data, as long as
OOBC means that there are no restrictions on using the raw data of those
users who have consented via an out-of-band mechanism.  I am also not
suggesting getting rid of any permitted uses, such as security, fraud
detection, or data needed for operating the service.

--ronan


On Sat, Mar 23, 2013 at 1:06 PM, Rob van Eijk <rob@blaeu.com> wrote:

>
> Ronan,
>
> WIll the secure delete requirement be a MUST in normative text in the
> compliance document?? ie how strong is your compare and forget proposal?
> Does it prevent processing under the exceptions that currently exist under
> DNT:1 text eg security?
>
> Rob
>
>
Received on Sunday, 24 March 2013 22:46:00 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC