- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 9 Apr 2015 10:01:09 -0700
- To: Walter van Holst <walter@vanholst.com>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Walter, this text is an example within a non-normative section, and the text removed was an "or" clause that is impossible under our definition of permanently de-identified. Removing the text strengthens the example. Nothing in that section is an obligation.

I don't have a problem with adding more text to the example to include downstream agreements, but that certainly has nothing to do with the text deleted. It would be a new addition (we previously discussed and rejected normative requirements on downstream recipients). It cannot be an obligation because most permanently de-identified data sets are just summary counts that cannot be re-identified, and it would be insane to require downstream agreements on things like hit counters. Hence, the normative requirements are sufficient to protect users, in general, while the examples make suggestions regarding data that might not be simple counters. This does not weaken the protections in any way— the normative requirements already cover those cases.

....Roy

> On Apr 9, 2015, at 5:47 AM, Walter van Holst <walter@vanholst.com> wrote:
>
>> On 2015-04-08 21:50, Justin Brookman wrote:
>>
>> Walter had previously objected on the mailing list to removing
>> "tracking data" from the non-normative discussion of
>> de-identification. However, participants on the call today didn't
>> think the removal of the term weakened that provision.
>> De-identification already requires technical processes to ensure that
>> *no one* can re-identify the data; the non-normative language simply
>> notes other prophylactic steps that can be taken to address the
>> persistent possibility of reidentification in the future.
>
> For the record: I do not object to the removal of the term "tracking data". I specifically provided alternative wordings that would allow for its removal while retaining the intent and scope of the text. I have always been of the opinion that we can have a good spec without such a term, even though it might be helpful for getting there.
>
> The core of my objection is that in the new text the obligation for having "business processes" that prevent re-identification could be read narrowly and would not prevent sharing de-identified data with a non-compliant party for the purpose of that party re-identifying that data. All while being able to claim DNT-compliance.
>
> Regards,
>
> Walter
>
> P.S. In the IRC log I noticed "if I'm embedded in the NYT and remember the user's visit to the NYT, that's not by itself tracking, I think." I think that is a clear-cut case of tracking. A DNT-compliant third party embedded on the NYT website should basically ignore any information of me being on that site (while sending DNT:1) unless necessary for and confined to a permitted use, let alone which article. Like Shane correctly pointed out, rate-limiting is a permitted use, but that is not dependent on me being on the NYT website.
Received on Thursday, 9 April 2015 17:01:37 UTC