Re: tracking data (was Re: [TCS] comments on 17 Feb 2015 editors draft)

On 2015-04-07 03:42, Roy T. Fielding wrote:

> For TCS, I am still requesting the following changes:
> 
> 
> 2.9.1 De-identification Considerations:
> 
> Remove the four contradictory references to "original tracking data"
> because that data isn't allowed to exist;
> i.e., replace:
> 
>    •  technical safeguards that prohibit re-identification of
>       de-identified data and/or merging of the original tracking data and
>       de-identified data;
> 
>    •  business processes that specifically prohibit re-identification of
>       de-identified data and/or merging of the original tracking data and
>       de-identified data;
> 
>    •  business processes that prevent inadvertent release of either the
>       original tracking data or de-identified data;
> 
>    •  administrative controls that limit access to both the original
>       tracking data and de-identified data.
> 
> with:
> 
>    •  technical safeguards that prohibit re-identification of
>       de-identified data;
> 
>    •  business processes that specifically prohibit re-identification of
>       de-identified data;
> 
>    •  business processes that prevent inadvertent release of
>       de-identified data;
> 
>    •  administrative controls that limit access to de-identified data.

While I can see where you are coming from, the last two bullet points
are better in their original form. The release of de-identified data may
very well result in a later merger with data that re-identifies it again.

This may be redressed by adding "either by the third party or any 
subsequent recipient of the de-identified data" to your proposal for the 
second bullet point. I think this becomes especially vital when you 
start removing the definition of "tracking data" in 2.10.
> After the above changes, the only remaining use of "tracking data" in
> TCS is within 3.3:
> 
>> 3.3 Third Party Compliance:
>> 
>>   When a third party to a given user action receives a DNT:1
>>   signal in a related network interaction:
>> 
>>    •  that party MUST NOT collect, share, or use tracking data
>>       related to that interaction;
>> 
>>    •  that party MUST NOT use data about network interactions with that
>>       user in a different context.
> 
> I still think that the above is a poor substitute for our definition
> of tracking, since it uses a different set of words that can only be
> consistent with our definition if we assume "tracking data" =
> "data collected about this particular user across multiple distinct
> contexts".  I would prefer that it used the same words as our definition:
> 
>   When a third party to a given user action receives a DNT:1
>   signal in a related network interaction, the party MUST NOT
> 
>   •  collect data from this network interaction that would result in
>      data regarding this particular user's activity to have been
>      collected across multiple distinct contexts;
> 
>   •  retain, use, or share data derived from this particular user's
>      activity outside the context in which that activity occurred; nor,
> 
>   •  use data about this particular user's activity in other contexts
>      (e.g., to personalize a response to this network interaction).

Again, this leads to a loss of scope. The "would" in the first bullet 
you propose is narrower than conveyed by the original first bullet. My 
suggestion for removal of "tracking data" in the first bullet (original 
phrasing) would be:

"that party MUST NOT collect, share, or use data related to that 
interaction that may allow for tracking by that party;"

Regards,

  Walter

Received on Tuesday, 7 April 2015 12:09:42 UTC