Re: tracking data (was Re: [TCS] comments on 17 Feb 2015 editors draft)

Right, this is a different issue than the use of the term "tracking data."
Contractual agreements with third parties to not try to reidentify data
sets are one way to ensure that deidentified data stays that way. For
example, the FTC's test for deidentification is (1) a reasonable belief
that the data can't be reidentified, (2) a commitment not to reidentify,
and (3) a commitment not to reidentify from everyone you give the data set
to.

I personally would be fine adding language about this to this non-normative
guidance --- would just adding "and agreements" to the second bullet do it?

   - technical safeguards that prohibit re-identification of de-identified
   data;
   - business processes *and agreements* that specifically prohibit
   re-identification of de-identified data;
   - business processes that prevent inadvertent release of de-identified
   data;
   - administrative controls that limit access to de-identified data

To be clear, we are not requiring contracts against reidentification ---
this would just suggest it as one way to ensure that deidentified data sets
stay deidentified.

Shane, you had objected to Walter's language as going beyond the scope of
what was intended --- does my language go too far for you, or are you OK
with identifying contracts as one potential tool for deidentification?


On Thu, Apr 9, 2015 at 8:47 AM, Walter van Holst <walter@vanholst.com>
wrote:

> On 2015-04-08 21:50, Justin Brookman wrote:
>
>  Walter had previously objected on the mailing list to removing
>> "tracking data" from the non-normative discussion of
>> de-identification.  However, participants on the call today didn't
>> think the removal of the term weakened that provision.
>> De-identification already requires technical processes to ensure that
>> *no one* can re-identify the data; the non-normative language simply
>> notes other prophylactic steps that can be taken to address the
>> persistent possibility of reidentification in the future.
>>
>
> For the record: I do not object to the removal of the term "tracking
> data". I specifically provided alternative wordings that would allow for
> its removal while retaining the intent and scope of the text. I have always
> been of the opinion that we can have a good spec without such a term, even
> though it might be helpful for getting there.
>
> The core of my objection is that in the new text the obligation for having
> "business processes" that prevent re-identification could be read narrowly
> and would not prevent sharing de-identified data with a non-compliant party
> for the purpose of that party re-identifying that data. All while being
> able to claim DNT-compliance.
>
> Regards,
>
>  Walter
>
> P.S. in the IRC log I noticed "if I'm embedded in the NYT and remember
> the user's visit to the NYT, that's not by itself tracking, I think." I
> think that is a clear-cut case of tracking. A DNT-compliant third party
> embedded on the NYT website should basically ignore any information of me
> being on that site (while sending DNT:1) unless necessary for and confined
> to a permitted use, let alone which article. Like Shane correctly pointed
> out, rate-limiting is a permitted use, but that is not dependent on me
> being on the NYT website.

Received on Thursday, 9 April 2015 14:39:35 UTC