- From: Rob van Eijk <rob@blaeu.com>
- Date: Wed, 15 May 2013 23:50:46 +0200
- To: Shane Wiley <wileys@yahoo-inc.com>
- Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, "'John Simpson'" <john@consumerwatchdog.org>, "'Tracking Protection Working Group'" <public-tracking@w3.org>
It is good to acknowledge, that when DNT:1 profiling/targeting must not occur to a computer, user or device. If 'de-identified' means that targeting/profiling can still happen to a unique ID that is attached to a computer or a device, then we need more discussion at a later point in time. In any case, having a new word for 'de-identified' would get us out of this ambiguity for the moment. Rob Shane Wiley schreef op 2013-05-15 23:23: > Mike, > > The tri-state de-identification process attempts to solve for a > middle ground such that activity can be collected against a persistent > identifier but that identifier is not able to connect to devices/users > in the real-world so profiling/targeting to an actual data subject > does not occur. There is some risk in this model so to further remove > that risk a third state is defined that removes the persistence in > identifiers (or removes the identifiers completely) so there is > no/less risk of re-identification. > > - Shane > > -----Original Message----- > From: Mike O'Neill [mailto:michael.oneill@baycloud.com] > Sent: Wednesday, May 15, 2013 2:05 PM > To: 'John Simpson'; Shane Wiley > Cc: rob@blaeu.com; 'Tracking Protection Working Group' > Subject: RE: ISSUE-198: Define new word for yellow state due to the > fact that the process of de-identification spans all three states > (red,yellow and green). > > I think these multi-coloured data types are really a red herring. > > The reality is that tracking, aka collecting someone's web history > over time and across multiple domains, needs a unique identifier > somehow stored in the UA or it uses the IP address. Currently, in the > vast majority of cases, the identifier is encoded in a cookie but it > could also be held in localStorage or the cache (IP addresses are > usually unsuitable because they are often shared with others and > change over time - when IPv6 becomes the norm they will use the > anonymous form and last only a few hours) > > Because browsers are increasingly blocking third-party cookies, in > the near future tracking identifiers will be held in localStorage or > in first-party cookies which are then shared with third-parties. > > If this identifier has a long persistence, i.e. it lasts for months > or years, then the UA can be recognised on subsequent visits over that > period, i.e. the user's device/browser session is being singled-out. > > The data collected may be stripped of immediately identifying > characteristics but it can still be used to determine a single > profiling data point. If the identifier is not deleted or otherwise > limited to a short duration then these data points will be chained > together over time and used to profile the individual. > > A Do Not Track signal should be seen as an explicit indication that > the individual requires this not to happen. > > Mike > > > > -----Original Message----- > From: John Simpson [mailto:john@consumerwatchdog.org] > Sent: 15 May 2013 20:51 > To: Shane Wiley > Cc: rob@blaeu.com; Tracking Protection Working Group > Subject: Re: ISSUE-198: Define new word for yellow state due to the > fact that the process of de-identification spans all three states > (red,yellow and green). > > Shane, > I'm not sure I follow how raw data equates with pseudonymous data. > Could you please point me to definitions you're using so I can better > understand what you mean here. > Thanks, > John > > On May 15, 2013, at 12:40 PM, Shane Wiley <wileys@yahoo-inc.com> > wrote: > >> Rob, >> >> I strongly disagree and believe based on the current definitions of > pseudonymous being considered in the EU context, data in the Red area > can meet this definition. Similarly, yellow data meets the definition > of de-identified in both the FTC and DAA contexts - whereas "Unlinked" > is a bit more debatable. >> >> So I believe it's still appropriate to define these as: >> >> Stage 1: Raw/Pseudonymous >> Stage 2: De-Identified >> Stage 3: Unlinkable (or simply - Out of Scope) >> >> As these terms has highly loaded in the regulatory context there will > continue to be significant sensitivity to naming conventions here. > This is similarly true of the color scheme proposed due to the > immediate traffic light connotations it invokes (green = good, yellow > = caution, red = bad). > I was okay (not happy) with using colors in this manner but don't > believe it's fair to over bias the definitions of each phase based on > an overly conservative read of existing definitions. >> >> - Shane >> >> -----Original Message----- >> From: Rob van Eijk [mailto:rob@blaeu.com] >> Sent: Wednesday, May 15, 2013 12:03 PM >> To: Tracking Protection Working Group >> Subject: ISSUE-198: Define new word for yellow state due to the fact >> that > the process of de-identification spans all three states (red,yellow > and green). >> >> >> Dear group, >> >> As discussed at the Face to Face and a previous thread [1], there is > confusion on the word de-identified data. We discussed the three > state model, that I introduced in Cambridge. The FTC text defines > unlinkability in terms of de-identification, which makes the term > de-identified applicable for the green state. The DAA text Due to the > fact that the process of de-identification spans up to the green state > when data is considered unlinkable, I would like to propose a new term > for the yellow domain. >> >> <text proposal> >> >> red data: raw data, event level data >> yellow data: pseudonumous data >> green data: de-identified data >> >> </text proposal> >> >> >> [1] >> http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0147.html >> >> Tracking Protection Working Group Issue Tracker schreef op 2013-05-15 >> 20:47: >>> ISSUE-198: Define new word for yellow state due to the fact that the >>> process of de-identification spans all three states (red,yellow and >>> green). >>> >>> http://www.w3.org/2011/tracking-protection/track/issues/198 >>> >>> Raised by: >>> On product: >>
Received on Wednesday, 15 May 2013 21:51:22 UTC