Re: TPE Handling Out-of-Band Consent (including ISSUE-152)

Rob,
   The "secure delete" (or otherwise sufficiently
de-identify/make-unlinkable) is exactly the same as a normal DNT:1 user
(which is MUST, right?), after the allowed OOBC-determination window closes
except for the raw data that is allowed to be kept under other provisions
of the spec (and limited to those specified uses).  I am not suggesting any
new permitted use for raw (non-de-identified/linkable) data, as long as
OOBC means that there are no restrictions on using the raw data of those
users who have consented via an out-of-band mechanism.  I am also not
suggesting getting rid of any permitted uses, such as security, fraud
detection, or data needed for operating the service.

--ronan


On Sat, Mar 23, 2013 at 1:06 PM, Rob van Eijk <rob@blaeu.com> wrote:

>
> Ronan,
>
> WIll the secure delete requirement be a MUST in normative text in the
> compliance document?? ie how strong is your compare and forget proposal?
> Does it prevent processing under the exceptions that currently exist under
> DNT:1 text eg security?
>
> Rob
>
>

Received on Sunday, 24 March 2013 22:46:00 UTC