- From: Justin Brookman <jbrookman@cdt.org>
- Date: Wed, 08 May 2013 13:04:29 -0400
- To: public-tracking@w3.org
- Message-ID: <20130508170429.ed8e55cd@mail.maclaboratory.net>
I don't have anyone else on this proposal, but several people have told me confidentially that I am not crazy. Setting aside the UI/UA issues for now. Market research: Many people I have spoken with have told me that calibration of DNT:1 users does not need to look at cross-site interactions; it just wants to count unique visitors. If this is true, I do not think we need a separate permitted use. I would be willing to revise the first party/service provider language to make clear that first-party cookies can be used for market research/unique counting. De-identification: Use the existing DAA definition which I think it quite strong. I would like to add examples that show that simply providing one person in your organization the key to your hashes is insufficient. I think the key would have to be that it would be an "undue burden" to your company to deidentify (and sotto voce that you wouldn't deidentify it for law enforcement and no one person in your organization could de-identifiy it). If you're using hashes, you would have to rotate your hashes on a regular basis --- the minimum time period would be determined by the short-term data retention permitted use. If short-term retention period is 30 days, you would need to throw away your hashing keys within 30 days. Product improvement/modeling: No separate permitted use, but de-identified and short term data could obviously be used for this.
Received on Wednesday, 8 May 2013 17:04:58 UTC