RE: Tracking Data (was Re: [TCS] comments on 17 Feb 2015 editors draft)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David,

To be clear, I am not arguing about changing the definition of tracking. I did disagree with it, as did others, but I accept the W3C process for what it is, and local law will override it anyway.

What I was arguing about was the removal of the definition of "tracking data", because it is used in many places in both documents, including the definition of permanently de-identified data which was subject to a recent CfO.

It may be in the same section of the definitions as "tracking" , but it is distinct.

The current definition is:
Tracking data is any data that could be combined with other data to engage in tracking a user across different contexts

This defines it as a *subset* of "data that, if retained, means that the retainer has engaged in tracking". It is the part of the set of collected bits that *enables* tracking, i.e. the ability to link as Vincent says.

The reference to it in the 6.4.3 of the TPE is clearly about UID cookies - the placement of them is specifically called out and if they are received (i.e. in a cookies header or any other way) they should be discarded.

It is used throughout the TCS text simultaneously as "all the data collected when tracking" and "data that enables tracking, or the recognition of the same user in subsequent interactions (in other contexts)" .

I agreed that the current definition could be improved, and offered my suggestions, but in the end the current one is better than just removing it.

Cleansing the text of any reference to the essential mechanism of tracking would not help clarity, and in my view would be ridiculous.


Mike
 




> -----Original Message-----
> From: David Singer [mailto:singer@apple.com]
> Sent: 31 March 2015 18:58
> To: Mike O'Neill
> Cc: Roy T. Fielding; Tracking Protection Working Group
> Subject: Re: Tracking Data (was Re: [TCS] comments on 17 Feb 2015 editors
> draft)
> 
> I think we’re off track here. (sorry for the pun).
> 
> Tracking data is data that, if retained, means that the retainer has engaged in
> tracking (as defined). The existence of the data is evidence of an activity.
> 
> We *cannot* re-define tracking at this point; that was a much considered
> consensus.  Nor can we define ‘tracking data’ as anything other than the data
> that results from tracking.
> 
> 
> > On Mar 31, 2015, at 8:08 , Mike O'Neill <michael.oneill@btinternet.com>
> wrote:
> >
> > Roy,
> >
> > I am sure it is possible to rewrite the documents to remove references to
> “tracking data”, but I do not think this necessarily improves clarity. A developer
> needs to know what data his application should be designed to discard (or not
> collect) when DNT:1, and the answer should not be “check with your legal
> department”.
> >
> > I think clarity would be better serviced getting the definition right.
> >
> > Your amendments describe it as both “data collected while tracking” and
> “data that enables tracking”, so why not make the definition that.
> >
> > How about:
> >
> > Tracking data is any information that enables a specific user agent to be
> recognised in different contexts, or which contains the user’s personal data
> collected in other contexts.
> >
> > If we need a definition of personal data, here is a reasonable one from the
> UK’s 1998 Data Protection Act:
> >
> > “personal data” means data which relate to a living individual who can be
> identified—
> > (a)    from those data, or
> > (b)    from those data and other information which is in the possession of, or is
> likely to come into the possession of, the data controller,
> > and includes any expression of opinion about the individual and any indication
> of the intentions of the data controller or any other person in respect of the
> individual;
> >
> >
> > Mike
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.4.103.5490 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJVHQ4DAAoJEHMxUy4uXm2JxHQIAKCyxDEPSrSMmqcrVkZL6YNV
Gc4WhYq0TRcCg+rqmxFztPXbG3Zf/lFeJuYwNAnn1pF5spMyhCC8wOtfBHhqa0Cv
dp7LjjtLfxcyzQ4Cp2VM5d4aRJv0/OYyUijHqU9VoedIGgxeKArjVcfSXxCPSfdA
LQ3z56ZHs1qITSKGB1+uezMsSO8Jz6d4T5uHQTS4FFd0YeN7+hOs4QZWCMoy7BE0
R8iJGVyXxVng0ZEpU5FwZVSPagW1U7IXOdGIJdVLlJG1DOiDYbdnMfGR8tpDJALM
aDma/5kEfaLomFocKD+g2Hmzh6wVMOxOyzqdoKOU58Tn8j9PVZfT5V3qsoHY9SU=
=boZd
-----END PGP SIGNATURE-----

Received on Thursday, 2 April 2015 09:38:47 UTC