- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 23 Jul 2014 09:42:34 -0700
- To: David Singer <singer@apple.com>
- Cc: Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org List" <public-tracking@w3.org>
On Jul 23, 2014, at 9:32 AM, David Singer wrote: > and to capture the thought in process, what I was floating on the call just now was to add: > > A data set is considered de-identified when: > a) there exists a reasonable level of justified confidence that none of the data within it can be linked to a particular user, user agent, or device; > b) and the creator of the data-set commits not to re-identify any user, user-agent, or device that contributed to the data; > c) and the creator either restricts recipients from any such re-identification or accepts responsibility for any such re-identification. Hmm, well, I still don't think it is necessary to include that in the definition. I think we should have a separate requirement on publication or sharing of tracking data, rather than twist de-identified into an implied behavioral requirement. After all, "42" is de-identified regardless of any later commitments or efforts at re-identifying. ....Roy
Received on Wednesday, 23 July 2014 16:42:48 UTC