Re: D-AG0020 Privacy (was Re: WS Privacy) from Rigo Wenning on 2002-03-27 (www-ws-arch@w3.org from March 2002)

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 27 Mar 2002 13:42:46 +0100
To: Joseph Hui <jhui@digisle.net>
Cc: Hugo Haas <hugo@w3.org>, www-ws-arch@w3.org
Message-ID: <20020327124246.GF1199@localhost>
Joseph is right here. Privacy or data protection only concern personal
data. What is personal data? One of the most comprehensive definitions
is the one from the EU data protection directive:

(26) Whereas the principles of protection must apply to any information
concerning an identified or  identifiable person; whereas, to determine
whether a person is identifiable, account should be  taken of all the
means likely reasonably to be used either by the controller or by any
other person  to identify the said person; whereas the principles of
protection shall not apply to data rendered  anonymous in such a way
that the data subject is no longer identifiable; whereas codes of
conduct  within the meaning of Article 27 may be a useful instrument for
providing guidance as to the ways  in which data may be rendered
anonymous and retained in a form in which identification of the data
subject is no longer possible;[1]

P3P has adapted this to it's specific needs:
<NON-IDENTIFIABLE/>
This element signifies that either no data is collected (including Web
logs), or that the organization collecting the data will anonymize the
data referenced in the enclosing STATEMENT. In order to consider the
data "anonymized", there must be no reasonable way for the entity or a
third party to attach the collected data to the identity of a natural
person. Some types of data are inherently anonymous, such as
randomly-generated session IDs. Data which might identify natural people
in some circumstances, such as IP addresses, names, or addresses, must
have a non-reversible transformation applied in order be considered
"anonymized".  An example of a non-reversible transformation is removing
the last seven bits of an IP address and replacing them with zeros. This
transformation must be applied to all copies of the data, including
those that might be stored on backup media. An algorithm that replaces
identified data with unique corresponding values from a table is not
considered non-reversible. In addition, a one-way cryptographic hash
would not be considered non-reversible if the set of possible data
values is small enough that all possible hashed values can be generated
and compared with the value that someone is attempting to reverse.[2]

This might give you some directions on what you should care about. If
there are further questions, don't hesitate to ask.

  1. http://europa.eu.int/eur-lex/en/lif/dat/1995/en_395L0046.html
  2. http://www.w3.org/TR/P3P/#NON-IDENTIFIABLE

Best, 
-- 
Rigo

On Tue, Mar 26, 2002 at 12:59:28PM -0800, Joseph Hui wrote:
> Hi Hugo,
> 
> Bravo!
> I'm very gratified that you've decided to take on the task.
> 
> I have no issues with the D-AG0020 goal statement as-is.
> 
> On the second CSF, 
> >   - Data provision during Web services transactions should be
> >     minimized.
> >     (in order to avoid consumer tracking)
> I'd like to suggest adding "private"
> or "personal" to "Data provision" to avoid
> a paradox between D-AG0018 and D-AG0020.  
> D-AG0018, having to do with diagnostic instrumentation,
> is prone to maximizing data collection.
> Also, I wouldn't mind not seeing the "(in order to
> avoid consumer tracking)" text in our formal document.
> Arguments can be made for "consumer tracking" being
> not necessarily a bad thing.  Not all merchants are
> in the business of privacy invasion.  Consumer tracking
> can be an effective means for merchants to improve their
> services, which is quite alright for consumers at large,
> **so long as the consumers can opt out at will**.  
> Thus it follows that it will be critical to design into
> the WS-Arch some privacy related opt-out features.
> Therefore, I'd suggest the second CSF be modified to:
> 
>     - Private data provision during a Web service transaction
>       should not exceed the consumer's consent, where the
>       consumer must be provided with reasonable means for
>       opt-out.
> 
> Cheers,
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> ============================================
> 
> > -----Original Message-----
> > From: Hugo Haas [mailto:hugo@w3.org]
> > Sent: Monday, March 25, 2002 1:39 PM
> > To: www-ws-arch@w3.org
> > Cc: Rigo Wenning
> > Subject: D-AG0020 Privacy (was Re: WS Privacy)
> > 
> > 
> > [ I am hereby claiming number 0020 for the privacy goal; it seems that
> >   nobody used it until now. ]
> > 
> > Following up on Rigo's email, I would like to try and summarize the
> > privacy discussion by proposing the following goal:
> > 
> >   enables privacy protection of the consumer of a Web service across
> >   domains and services.
> > 
> > This is the goal that I proposed earlier[1] in the thread, and I think
> > that Rigo answered Joe's concerns[2].
> > 
> > Borrowing from Rigo's email, I would list the following critical
> > success factors:
> > 
> >   - Is it possible for a service consumer to know the privacy policies
> >     of the service provider(s) that it is going to deal with?
> >     (a.k.a. hooks for P3P)
> > 
> >   - Data provision during Web services transactions should be
> >     minimized.
> >     (in order to avoid consumer tracking)
> > 
> > As noted before in this tread, D-AG0020 is related no AG0006 since
> > confidentiality is part both of security and privacy.
> > 
> > Regards,
> > 
> > Hugo
> > 
> >   1. http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0336.html
> >   2. http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0341.html
> > -- 
> > Hugo Haas - W3C
> > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - 
> > tel:+1-617-452-2092
> > 
> >
Received on Wednesday, 27 March 2002 07:48:48 UTC