questionnaire to gain more insight into industry stakeholder practices

• From: Dan Auerbach <dan@eff.org>
• Date: Fri, 10 May 2013 16:12:22 -0700
• To: "public-tracking@w3.org" <public-tracking@w3.org>
• Message-ID: <518D7ED6.3040702@eff.org>

As discussed during the data retention breakout at the F2F, here the
requested guide for information from industry participants that would
help inform the group's thought process as to what type of data
reasonably must be retained and how long for permitted uses under the
standard. This short questionnaire is important for the group's work. It
is not a suggested transparency guide for users. I think being maximally
transparent to users would be good too and we should have that
conversation, but that is not the intention of this questionnaire. I
plan to respond to this email with hypothetical examples of helpful and
non-helpful responses, so please consider those before finalizing your
response. (The examples may not come right away as I must finish other
work first). One final comment: there may be some small areas where the
questions below touch on other information companies would like to
protect. For these, we should be able to have an unscribed conversation
off-list. I don't think a schematic of a data flow is a trade secret,
but making public the names of clients would obviously be sensitive.

1. Outline your company's role in the Internet data collection
ecosystem, and your business model.
2. What permitted uses are you proposing retaining data for?
3. For each permitted use, how long are you proposing retaining data?
4. Draw a diagram of your logging and data pipeline, including
peripheral databases that store customer information, and databases used
for aggregated reports.
5. In the diagram above, indicate all repeating data processing jobs
(e.g. cron jobs or other processes that occur at regular intervals) that
relate to how data is manipulated within your system.
6. Within the framework of the diagram above, for each proposed
permitted use, describe the life cycle of protocol (HTTP) events and
other data events that come into the system that you would like to retain.
7. In the diagram above, indicate any external clients of the data
(auditors, customers of various sorts), and for each client, the
frequency, format and granularity of the data that is received.
8. For each permitted use, indicate in detail how unique ids are used.

Thanks,

-- 
Dan Auerbach
Staff Technologist
Electronic Frontier Foundation
dan@eff.org
415 436 9333 x134

Received on Friday, 10 May 2013 23:12:50 UTC