- From: Rob van Eijk <rob@blaeu.com>
- Date: Wed, 15 May 2013 23:00:55 +0200
- To: Shane Wiley <wileys@yahoo-inc.com>
- Cc: John Simpson <john@consumerwatchdog.org>, Tracking Protection Working Group <public-tracking@w3.org>
Shane, the search opinion is 5 years old, and in the light of technological develepments in the ad ecosystem, the concept of de-identification and anonymization are adjusted. For example wp29 gave guidance in the recent opinion on purpose limitation, and will continue to do so in the fortcoming opinion on open data and an opinion on anonymization techniques. What you address is managing the risk of re-identification, which is part of accountability in my view as well. But that is not the point of this discussion. It is not just about the resulting dataset containing a risk of re-identification for everyone, no it is above all about the ability for a party to add new (tracking) data to previously collected data. But your point is clear. This short discussion shows that our views are miles apart, and are therefore unlikely to be bridgeable. I still think it is possible to map some permitted uses to the 3 states, and much depends I think, on the outcome on the discussion on Unique IDs, privacy by design principles and data retention. Rob Shane Wiley schreef op 2013-05-15 22:33: > Rob, > > Based on our meetings with the A29WP and DPAs throughout Europe, the > middle-state of the proposal I've put forward meets the de-identified > bar as with the appropriate controls (technical, operational, > administrative) it is "likely reasonable" to consider the data > non-reverse engineer-able back to an identified state (A29WP Search > Engine Opinion from April 2008). Note that this construct > appropriately comes with an Accountability dimension that allows > businesses the flexibility to architect their own solutions and drive > innovation in the marketplace. > > The process of making data "unlinkable" could involve all 3-states > but could just as easily include just 1 or 2 depending on how the > system is designed. I believe de-identification is a step towards > "unlinkable" not the other way around based on the FTC and DAA > definitions. > > - Shane > > > -----Original Message----- > From: Rob van Eijk [mailto:rob@blaeu.com] > Sent: Wednesday, May 15, 2013 1:08 PM > To: John Simpson; Shane Wiley; Tracking Protection Working Group > Subject: Re: ISSUE-198: Define new word for yellow state due to the > fact that the process of de-identification spans all three states > (red,yellow and green). > > Shane, > > I know you disagree, that is why we need this discussion on record. I > am open for a new word an invite you to propose a better word for the > yellow. De-identified aka not about a person anymore is a concern to > me that I expressed previously, because in the EU it is still > considered personal data. The best word in my vocabulary is > pseudonumous, since new data can still be linked to already collected > data. Having taken out identiying elements through data scrubbing is > not enough to make it anonymous. unlinkability is key here, hence the > 3 state approach. > > On the scope of the process of de-identification, in the 3 state > approach, the process includes the second step to make data unlinkable > through various anonymization techniques. > > Looking forward to a new word and would like to learn if you disagree > if the process of de-identification includes all 3 states. > > Rob > > John Simpson schreef op 2013-05-15 21:50: >> Shane, >> I'm not sure I follow how raw data equates with pseudonymous data. >> Could you please point me to definitions you're using so I can better >> understand what you mean here. >> Thanks, >> John >> >> On May 15, 2013, at 12:40 PM, Shane Wiley <wileys@yahoo-inc.com> >> wrote: >> >>> Rob, >>> >>> I strongly disagree and believe based on the current definitions of >>> pseudonymous being considered in the EU context, data in the Red >>> area >>> can meet this definition. Similarly, yellow data meets the >>> definition of de-identified in both the FTC and DAA contexts - >>> whereas "Unlinked" >>> is a bit more debatable. >>> >>> So I believe it's still appropriate to define these as: >>> >>> Stage 1: Raw/Pseudonymous >>> Stage 2: De-Identified >>> Stage 3: Unlinkable (or simply - Out of Scope) >>> >>> As these terms has highly loaded in the regulatory context there >>> will >>> continue to be significant sensitivity to naming conventions here. >>> This is similarly true of the color scheme proposed due to the >>> immediate traffic light connotations it invokes (green = good, >>> yellow >>> = caution, red = bad). I was okay (not happy) with using colors in >>> this manner but don't believe it's fair to over bias the definitions >>> of each phase based on an overly conservative read of existing >>> definitions. >>> >>> - Shane >>> >>> -----Original Message----- >>> From: Rob van Eijk [mailto:rob@blaeu.com] >>> Sent: Wednesday, May 15, 2013 12:03 PM >>> To: Tracking Protection Working Group >>> Subject: ISSUE-198: Define new word for yellow state due to the fact >>> that the process of de-identification spans all three states >>> (red,yellow and green). >>> >>> >>> Dear group, >>> >>> As discussed at the Face to Face and a previous thread [1], there is >>> confusion on the word de-identified data. We discussed the three >>> state model, that I introduced in Cambridge. The FTC text defines >>> unlinkability in terms of de-identification, which makes the term >>> de-identified applicable for the green state. The DAA text Due to >>> the >>> fact that the process of de-identification spans up to the green >>> state when data is considered unlinkable, I would like to propose a >>> new term for the yellow domain. >>> >>> <text proposal> >>> >>> red data: raw data, event level data >>> yellow data: pseudonumous data >>> green data: de-identified data >>> >>> </text proposal> >>> >>> >>> [1] >>> http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0147.html >>> >>> Tracking Protection Working Group Issue Tracker schreef op >>> 2013-05-15 >>> 20:47: >>>> ISSUE-198: Define new word for yellow state due to the fact that >>>> the >>>> process of de-identification spans all three states (red,yellow and >>>> green). >>>> >>>> http://www.w3.org/2011/tracking-protection/track/issues/198 >>>> >>>> Raised by: >>>> On product: >>>
Received on Wednesday, 15 May 2013 21:01:33 UTC