RE: Deidentification (ISSUE-188) from Mike O'Neill on 2014-07-17 (public-tracking@w3.org from July 2014)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 17 Jul 2014 16:17:56 +0100
To: "'TOUBIANA Vincent'" <vtoubiana@cnil.fr>, <public-tracking@w3.org>
Message-ID: <0b4701cfa1d2$4b6184c0$e2248e40$@baycloud.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Vincent,

Thanks for this thoughtful definition.

So I understand it, a couple of questions.

Does the definition allow a data set containing a single record to be classed as de-identified? So a subsequent transaction can be linked to a previous transaction, but as soon as the dataset contains more than one record it is no longer de-identified, and DNT:1 applies etc.?

By “record” I assume this means one instance of “tracking data”  derived from an HTTP transaction e.g. [UID, Source IP, Url,…]

If so then what happens if only one record is ever retained (just updated with a derived web activity score perhaps), in this case can  web activity based profiling continue irrespective of DNT?



Mike


From: TOUBIANA Vincent [mailto:vtoubiana@cnil.fr]
Sent: 16 July 2014 17:19
To: public-tracking@w3.org
Subject: RE: Deidentification (ISSUE-188)

I’d like to propose a definition of de-identification which is closer to the concept of anonymization defined in the Article 29 Opinion (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf).

A data-set is de-identified when it is no longer possible to:
- - isolate some or all records which correspond to a device in the dataset,
- - link, at least, two records concerning the same device,
- - deduce, with significant probability, the value of an attribute from the values of a set of other attributes.

The third criteria may -- in some cases -- go beyond de-identification but the first two are, in my opinion, required to limit re-identification risks.

Best regards,

Vincent Toubiana


De : Justin Brookman [mailto:jbrookman@cdt.org]
Envoyé : mercredi 16 juillet 2014 04:47
À : public-tracking@w3.org (public-tracking@w3.org)
Objet : Deidentification (ISSUE-188)

All, I have updated the wiki (https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification) to reflect what I *think* are the active change proposals on data minimization.  If I incorrectly culled yours --- or you wish to propose different language --- please let us know!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJTx+kiAAoJEHMxUy4uXm2J0y0IALIsz8sPsMeAUM2OhEPwU8tz
sc49sIWgsvPu5dR4OWgOsnZbcZGH9VM/tIHOeJcKyM5DatBgDVOl7/ZtqwkAN+gt
+tiKZZsU9gbJ82Ri9S9PjCCWu/TfYmQES4P/BLrd32LPrhwG6l95qEp2/G5LTRd0
z3p3mhlsmqZvHh3RmVfbsiWv+79NIY4fpcl1FWpal9s+DoUHrDohe/NhbGf+IEnd
O9A5TQPosGOtEynPj5Mu64bWSG/oG4UD2N2KlKc2yFbS4bF+Jx6XVuDZKgNlehUg
TN0avUUBOShuhBnk0rZYf2lKd6NmH0dR1QS6akvm0HPAwdyj5GvRxfh0w3mQoJ0=
=ff5S
-----END PGP SIGNATURE-----

Attachments

text/html attachment: PGPexch.htm
application/octet-stream attachment: PGPexch.htm.sig

Received on Thursday, 17 July 2014 15:18:36 UTC