- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 9 Apr 2015 12:24:12 -0700
- To: Walter van Holst <walter@vanholst.com>
- Cc: Justin Brookman <jbrookman@cdt.org>, public-tracking@w3.org
On Apr 9, 2015, at 7:48 AM, Walter van Holst wrote: > On 2015-04-09 16:38, Justin Brookman wrote: >> Right, this is a different issue than the use of the term "tracking >> data." Contractual agreements with third parties to not try to >> reidentify data sets are one way to ensure that deidentified data >> stays that way. For example, the FTC's test for deidentification is >> (1) a reasonable belief that the data can't be reidentified, (2) a >> commitment not to reidentify, and (3) a commitment not to reidentify >> from everyone you give the data set to. >> I personally would be fine adding language about this to this >> non-normative guidance --- would just adding "and agreements" to the >> second bullet do it? > > Substitute "agreements" with safeguards and put in non-normative language that safeguards may be provided through agreements and we're closer to meaning and scope of the original text again. Technical safeguards are mentioned in the first bullet. I am fine with Justin's addition of agreements to the second bullet (even though it has nothing to do with the removal of "original tracking data" that we have been discussing). I don't consider agreements to be a safeguard -- I thought the whole point of being a safeguard was that it is effective even if a business fails to uphold an agreement. Hence, the separate bullets. ....Roy
Received on Thursday, 9 April 2015 19:24:38 UTC