Re: Service provider exception (ISSUE-206)

Thank you Justin,

I propose to delete some ambiguity in the third bullitpoint. It now 
reads as follows.

(3) has no independent right to use the data other than in a 
de-identified form (e.g., for monitoring service integrity, load 
balancing, capacity planning, or billing);

In my view, processing for the purposes monitoring service integrity, 
load balancing, capacity planning, or billing must be as directed by the 
contractee. Therefore, these processes are already covered by the second 
bullit. For clarity, this second bullit reads as follows.

(2) ensures that the data is only retained, accessed, and used as 
directed by the contractee;


Therefore, my change to the text from Roy is to delete all the examples. 
such that the third bullit becomes:


(3) has no independent right to use the data other than in a 
de-identified.




PS: Since our deiscussion is far from completion, I want to reiterate 
that my view on de-identified is truely anonymized.


Rob



Justin Brookman schreef op 2014-05-23 20:18:
> We have been discussing this issue for the past two weeks, and no one
> has objected to the amendment that Roy has proposed to the existing
> text (both available here:
> http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Service_Provider
> [1]).
> 
> Previously, some working group participants had argued for more
> stringent requirements on service providers --- either identification
> requirements, or requirements that service providers silo client data
> through technical precautions and internal practices. However, if no
> one wants to pursue these proposals any longer, we will adopt Roy's
> language by consensus. Please respond to the public list before the
> group call next week if you wish to propose alternative language.
> 
> 
> 
> Links:
> ------
> [1] 
> http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Service_Provider

Received on Saturday, 24 May 2014 08:17:09 UTC