RE: ISSUE-198: Define new word for yellow state due to the fact that the process of de-identification spans all three states (red,yellow and green).

It is good to acknowledge, that when DNT:1 profiling/targeting must not 
occur to a computer, user or device. If 'de-identified' means that 
targeting/profiling can still happen to a unique ID that is attached to 
a computer or a device, then we need more discussion at a later point in 
time. In any case, having a new word for 'de-identified' would get us 
out of this ambiguity for the moment.

Rob

Shane Wiley schreef op 2013-05-15 23:23:
> Mike,
> 
> The tri-state de-identification process attempts to solve for a
> middle ground such that activity can be collected against a persistent
> identifier but that identifier is not able to connect to devices/users
> in the real-world so profiling/targeting to an actual data subject
> does not occur.  There is some risk in this model so to further remove
> that risk a third state is defined that removes the persistence in
> identifiers (or removes the identifiers completely) so there is
> no/less risk of re-identification.
> 
> - Shane
> 
> -----Original Message-----
> From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
> Sent: Wednesday, May 15, 2013 2:05 PM
> To: 'John Simpson'; Shane Wiley
> Cc: rob@blaeu.com; 'Tracking Protection Working Group'
> Subject: RE: ISSUE-198: Define new word for yellow state due to the
> fact that the process of de-identification spans all three states
> (red,yellow and green).
> 
> I think these multi-coloured data types are really a red herring.
> 
> The reality is that tracking, aka collecting someone's web history
> over time and across multiple domains, needs a unique identifier
> somehow stored in the UA or it uses the IP address. Currently, in the
> vast majority of cases, the identifier is encoded in a cookie but it
> could also be held in localStorage or the cache (IP addresses are
> usually unsuitable because they are often shared with others and
> change over time - when IPv6 becomes the norm they will use the
> anonymous form and last only a few hours)
> 
> Because browsers are increasingly blocking third-party cookies, in
> the near future tracking identifiers will be held in localStorage or
> in first-party cookies which are then shared with third-parties.
> 
> If this identifier has a long persistence, i.e. it lasts for months
> or years, then the UA can be recognised on subsequent visits over that
> period, i.e. the user's device/browser session is being singled-out.
> 
> The data collected may be stripped of immediately identifying
> characteristics but it can still be used to determine a single
> profiling data point. If the identifier is not deleted or otherwise
> limited to a short duration then these data points will be chained
> together over time and used to profile the individual.
> 
> A Do Not Track signal should be seen as an explicit indication that
> the individual requires this not to happen.
> 
> Mike
> 
> 
> 
> -----Original Message-----
> From: John Simpson [mailto:john@consumerwatchdog.org]
> Sent: 15 May 2013 20:51
> To: Shane Wiley
> Cc: rob@blaeu.com; Tracking Protection Working Group
> Subject: Re: ISSUE-198: Define new word for yellow state due to the
> fact that the process of de-identification spans all three states
> (red,yellow and green).
> 
> Shane,
> I'm not sure I follow how raw data equates with pseudonymous data.
> Could you please point me to definitions you're using so I can better
> understand what you mean here.
> Thanks,
> John
> 
> On May 15, 2013, at 12:40 PM, Shane Wiley <wileys@yahoo-inc.com> 
> wrote:
> 
>> Rob,
>> 
>> I strongly disagree and believe based on the current definitions of
> pseudonymous being considered in the EU context, data in the Red area
> can meet this definition.  Similarly, yellow data meets the definition
> of de-identified in both the FTC and DAA contexts - whereas "Unlinked"
> is a bit more debatable.
>> 
>> So I believe it's still appropriate to define these as:
>> 
>> Stage 1:  Raw/Pseudonymous
>> Stage 2:  De-Identified
>> Stage 3:  Unlinkable (or simply - Out of Scope)
>> 
>> As these terms has highly loaded in the regulatory context there will
> continue to be significant sensitivity to naming conventions here.
> This is similarly true of the color scheme proposed due to the
> immediate traffic light connotations it invokes (green = good, yellow
> = caution, red = bad).
> I was okay (not happy) with using colors in this manner but don't
> believe it's fair to over bias the definitions of each phase based on
> an overly conservative read of existing definitions.
>> 
>> - Shane
>> 
>> -----Original Message-----
>> From: Rob van Eijk [mailto:rob@blaeu.com]
>> Sent: Wednesday, May 15, 2013 12:03 PM
>> To: Tracking Protection Working Group
>> Subject: ISSUE-198: Define new word for yellow state due to the fact
>> that
> the process of de-identification spans all three states (red,yellow 
> and green).
>> 
>> 
>> Dear group,
>> 
>> As discussed at the Face to Face and a previous thread [1], there is
> confusion on the word de-identified data. We discussed the three
> state model, that I introduced in Cambridge. The FTC text defines
> unlinkability in terms of de-identification, which makes the term
> de-identified applicable for the green state. The DAA text Due to the
> fact that the process of de-identification spans up to the green state
> when data is considered unlinkable, I would like to propose a new term
> for the yellow domain.
>> 
>> <text proposal>
>> 
>> red data: raw data, event level data
>> yellow data: pseudonumous data
>> green data: de-identified data
>> 
>> </text proposal>
>> 
>> 
>> [1]
>> http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0147.html
>> 
>> Tracking Protection Working Group Issue Tracker schreef op 2013-05-15
>> 20:47:
>>> ISSUE-198: Define new word for yellow state due to the fact that the
>>> process of de-identification spans all three states (red,yellow and
>>> green).
>>> 
>>> http://www.w3.org/2011/tracking-protection/track/issues/198
>>> 
>>> Raised by:
>>> On product:
>> 

Received on Wednesday, 15 May 2013 21:51:22 UTC