- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Mon, 27 May 2013 13:37:47 +0000
- To: "rob@blaeu.com" <rob@blaeu.com>
- CC: "public-tracking@w3.org" <public-tracking@w3.org>
Rob, That is the core issue as I believe the de-identified approach we've documented meets that definition (as do other NAI members). - Shane -----Original Message----- From: Rob van Eijk [mailto:rob@blaeu.com] Sent: Monday, May 27, 2013 6:33 AM To: Shane Wiley Cc: public-tracking@w3.org Subject: RE: ACTION-406: Propose a new set of names around yellow state Shane, It is fine to hold it off to a live engagement. For now I would like to add that the NAI defines de-identified as 'data that is not linked or reasonably linkable to an individual or to a particular computer or device' [1]. If the NAI can, in the Code of Conduct, I do not see why you can't. After all, Yahoo! is one of the NAI members. mvg::Rob [1] page 4 of the NAI Code of Conduct URL: http://www.networkadvertising.org/2013_Principles.pdf. Shane Wiley schreef op 2013-05-27 15:16: > Rob, > > So close... Let's hold on the "partly de-identified" vs. "fully > de-identified" discussion for a live engagement. I believe you're > equating "de-identified" to be equal for the most part to "unlinkable" > from a definition perspective whereas they are slightly different to > me. > > We are indeed on the same page conceptually and simply struggling to > use terms we both agree with so I see this as very positive. > > - Shane > > -----Original Message----- > From: Rob van Eijk [mailto:rob@blaeu.com] > Sent: Monday, May 27, 2013 6:13 AM > To: Shane Wiley > Cc: public-tracking@w3.org > Subject: RE: ACTION-406: Propose a new set of names around yellow > state > > > Shane, > > Thanks for friendly ammendment. If you are ok with the following added > precision, you and I have reached consensus. This way we do not have > to get into the linguistic difference between the partly and full > de-identified state versus the 2-step process of de-identification. > > > (...) e.g. a partly de-identified but still linkable unique > identifier, such as a hashed pseudonym. > > > mvg::Rob > > Shane Wiley schreef op 2013-05-27 14:39: >> Rob, >> >> I believe this well stated but am caught up on the following phrase: >> "...MAY contain information indirectly linked to an individual, >> computer or device, e.g. a linkable unique identifier or a hashed >> pseudonym." Use of a "linkable unique identifier" in this sense >> makes it appear like we're back in the red state. Perhaps it would >> be better stated as "...MAY contain information indirectly linked to >> an individual, computer or device, e.g. a de-identified but still >> linkable unique identifier, such as a hashed pseudonym." >> >> Are you okay with that modification? >> >> - Shane >> >> -----Original Message----- >> From: Rob van Eijk [mailto:rob@blaeu.com] >> Sent: Monday, May 27, 2013 4:07 AM >> To: public-tracking@w3.org >> Subject: Re: ACTION-406: Propose a new set of names around yellow >> state >> >> >> To avoid confusion, repost as a whole (thanks Mike!): >> >> >> For the PII definition, I use the ISO 29100 (privacy framework) >> definition. >> >> We discussed a 3 state process of de-identification at the last F2F. >> In order to take away any confusion on the difference between partly >> de-identified (YELLOW state) and fully de-identified (GREEN state), I >> propose the following text: >> >> <TEXT> >> In terms of unlinkability versus de-identification it remains >> important to seperate the two concepts: >> - de-identification helps in the event of a data breach, when a >> dataset is out on the street due to e.g a databreach. It is a way to >> address the reasonable requirements of an adequate level of >> protection. >> - an adequate level of protection is completely different from >> unlinkability. Unlinkability is connected to the notion of personally >> identifieable information (PII). >> >> This standard refers to the ISO 29100 (privacy framework) definition >> of personally identifiable information (PII): >> any information that (a) can be used to identify the PII principal to >> whom such information relates, or (b) is or might be directly or >> indirectly linked to a PII principal. >> NOTE To determine whether a PII principal is identifiable, account >> should be taken of all the means which can reasonably be used by the >> privacy stakeholder holding the data, or by any other party, to >> identify that natural person. >> >> The RED state data may contain (a) and (b). In order to go from the >> red state to the yellow state, direct identifiable information MUST >> be removed, e.g. an email address or a phone number. >> The YELLOW state data is partly de-identified, and MAY contain >> information indirectly linked to an individual, computer or device, >> e.g. >> a linkable unique identifier or a hashed pseudonym. >> The GREEN state data is fully de-identified data and SHOULD NOT >> contain personally identifiable information (PII). Any risk for >> re-identification of fully de-identified data MUST be regularly >> assessed and mitigated through Privacy Risk Management. >> </TEXT> >> >> >> Rob van Eijk schreef op 2013-05-27 12:15: >>> s/fully de-identified (red state)/fully de-identified (GREEN state)/ >>> >>> sorry for typo. Green is fully de-identified. >>> >>> Rob >>> >>> Rob van Eijk schreef op 2013-05-27 12:01: >>>> For the PII definition, I use the ISO 29100 (privacy framework) >>>> definition. >>>> We discussed a 3 state process of de-identification at the last >>>> F2F. >>>> In order to take away any confusion on the difference between >>>> partly de-identified (yellow state) and fully de-identified (red >>>> state), I propose the following text: >>>> <TEXT> >>>> In terms of unlinkability versus de-identification it remains >>>> important to seperate the two concepts: >>>> - de-identification helps in the event of a data breach, when a >>>> dataset is out on the street due to e.g a databreach. It is a way >>>> to address the reasonable requirements of an adequate level of >>>> protection. >>>> - an adequate level of protection is completely different from >>>> unlinkability. Unlinkability is connected to the notion of >>>> personally identifieable information (PII). >>>> This standard refers to the ISO 29100 (privacy framework) >>>> definition of personally identifiable information (PII): >>>> any information that (a) can be used to identify the PII principal >>>> to whom such information relates, or (b) is or might be directly or >>>> indirectly linked to a PII principal. >>>> NOTE To determine whether a PII principal is identifiable, account >>>> should be taken of all the means which can reasonably be used by >>>> the privacy stakeholder holding the data, or by any other party, to >>>> identify that natural person. >>>> The red state data may contain (a) and (b). In order to go from the >>>> red state to the yellow state, direct identifiable information MUST >>>> be removed, e.g. an email address or a phone number. >>>> The yellow state data is partly de-identified, and MAY contain >>>> information indirectly linked to an individual, computer or device, >>>> e.g. a linkable unique identifier or a hashed pseudonym. >>>> The green state data is fully de-identified data and SHOULD NOT >>>> contain personally identifiable information (PII). Any risk for >>>> re-identification of fully de-identified data MUST be regularly >>>> assessed and mitigated through Privacy Risk Management. >>>> </TEXT>
Received on Monday, 27 May 2013 13:38:37 UTC