W3C home > Mailing lists > Public > public-tracking@w3.org > August 2014

Re: Deidentification (ISSUE-188)

From: Nicholas Doty <npdoty@w3.org>
Date: Mon, 25 Aug 2014 13:52:11 -0700
Cc: "public-tracking@w3.org WG" <public-tracking@w3.org>
Message-Id: <553B7586-F83F-45CD-8F45-C3C2DA9F525E@w3.org>
To: David Singer <singer@apple.com>, TOUBIANA Vincent <vtoubiana@cnil.fr>
On August 21, 2014, at 9:04 AM, David Singer <singer@apple.com> wrote:

> I think Roy’s point is that such a requirement does not belong in the definition of the term, and I tend to agree with him.  
> 
> Is there a better place where we could say that {de-identification} procedures should be publicly documented?

Yes, I think it would make sense for the proposal to be to add a requirement to "Server Compliance" (or a related section) like the following:
 A party that complies with a user's tracking preference by deidentification of data (as described above) SHOULD describe those measures publicly, for example, in a privacy policy.
And that would be orthogonal to the definitional question, as it could apply to any of the proposals. (We could have two separate sections in the Call for Objections questionnaire, no problem.)

Optimistically, I've added that text to the wiki here in place of the extra bullet point in the proposed definition:
https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification#Additional_.28orthogonal.29_transparency_requirement

And I've also made some smaller text edits to David's definition, which I think just clarify or fix grammatical structure.

Vincent, did you have a sense whether David's most recent proposal would be sufficient for your purposes that we didn't need the separate Article-29-style proposal in a Call for Objections?

Thanks,
Nick

Received on Monday, 25 August 2014 20:52:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:40:12 UTC