Re: Deidentification (ISSUE-188)

The text you propose connects the state of a permanently de-identified 
dataset to the possibility of identifying a user/user-agent or device. I 
think limiting the approach to identification is way too limited.
What is not covered is for example:
- the sharing (for e.g. data enrichment and data correlation).
- the application of de-identified data to the individusl user/user 
agent/device (for e.g. re-targeting).
- the retention of data meaning the duration of time that would be 
allowed to bring data in de-identified state.
- any (unintended/unforeseen) data uses that may have an impact on a 
(the personal space) of a user/user agent/device. For example 
re-targeting based on de-identified data, or re-targeting based on 
correlation with de-identified data.

My proposal is to exclude text for de-identified data in order to aim 
for a cleaner specification.


David Singer schreef op 2014-08-14 01:58:
> On Aug 8, 2014, at 6:54 , Mike O'Neill <> 
> wrote:
> Trying another way of phrasing it:
> Data is permanently de-identified (and hence out of the scope of this
> specification) when a sufficient combination of technical measures and
> restrictions ensures that the data does not, and cannot and will not
> be used to, identify a particular user, user-agent, or device.
> Note: Usage and/or distribution restrictions are strongly recommended
> for any dataset that has records that relate to a single user or a
> small number of users; experience has shown that such records can, in
> fact, sometimes be used to identify the user(s) despite the technical
> measures that were taken to prevent that happening.
> David Singer
> Manager, Software Standards, Apple Inc.

Received on Thursday, 14 August 2014 09:09:12 UTC