See also: IRC log
board: the questions from http://www.w3.org/wiki/Privacy/DNT-Breakouts
plus the FTC definition: data is not “reasonably linkable” to the extent that a company: (1) takes reasonable measures to ensure that the data is de-identified;
(2) publicly commits not to try to reidentify the data; and
(3) contractually prohibits downstream recipients from trying to re-identify the data.
speaking about 3) - contractually prohibits…
ed: a concern may be under 3) that if you make the data public you may not be in a position where you can have a contract
the case: a company is OK privacy-wise, but someone says - aha, you don't have a contract with the public under point 3)
ed: you can put it in terms of use
focusing on 1)
regarding examples - question 3
finding examples of OK and not OK
Lou: some of the stuff Thomas Schauf was presenting would provide some examples of OK
looking at t. schauf's slides to better understand pseudonyomous data
jmayer - short term browsing history is no privacy concern is probably undermined by research at this point
ed: browser history linked to a cookie id is not unlinkable data
ionel: not sure why as using a random id then a "transformed" id linked to the same data is basically the same thing
lou: what is the problem we're trying to solve>
?
what is the privacy harm after we take the PII out?
ed: remaining info can be
potentially be linked back to the user
... question is the level to go to to actually be
unidentifiiable
each harm will have different risk mitigation techniques
we're in a scenario where we're trying to override a choice by being sure that the user's data is not going to be compromised
jmayer: focus is on understanding cases where privacy risks are not there
we can avoid the harm discussion for the purposes of deidentification
lou: are we defining "not tracking"?
ed: no
we're trying to say confidently that whatever the user was trying to do when activating DNT is not affected
chris: browsing history can include sensitive info
on the board: not compliant - still have PII
jmayer: do we have consensus that if any of the urls happen to have usernames, names, etc, then this info is not unidentifiable?
lou: yes
jmayer: if we have a reasonable risk that pii is iincluded, can you count that info as not unidentifiable or not?
example: you collect a bunch of stuff and you know that this may include usernames or email addresses
lou - don't know
ed: is there a justifiable level of justified confidence that the URL does not include info that could lead back to the user?
chris: I've heard some consumer groups saying that a URL history by itself may pose threats even without PIIs
lou: in the sensitive stuff we take the PII out
ed: for people compliant with DAA
Lou: we look at the whole market
so it would apply to the market
ed: the URLs may have all kind of info packed into them
one easy example is to connect this data to a cookie id that is still alive
lou: how easy is to infer info from the URLs?
jmayer: the point of the category is to set aside business concerns, legal concerns
lou: I agree - once we get to the definition and get the PII out we get to the clear road of "this is what we're looking for"
Chris: I can understand the argument that sometimes it can contain PII, although in practice it may be difficult
ed: hard in practice to identify what's sensitive in the URL history
jmayer: removing PII and would probably be not enough either
lou: we also need to look at the contractual obligations - we don't want to go into the same trap as with P3P
the definition on board speaks to that: for a good actor this is something they live on, and for a bad actor FTC takes care of it
ed: but even in the room we haven't agreed on some of the meanings in some cases
board: url history alone, unless there's a reasonable level of justified confidence that history does not contain any identifier
means not compliance
question 4: should the discussion mention pseudonymous data or we should just talk about the definition, or do we define pseudonymous data as such
This is scribe.perl Revision: 1.137 of Date: 2012/09/20 20:19:01 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) No ScribeNick specified. Guessing ScribeNick: ionel Inferring Scribes: ionel WARNING: No "Topic:" lines found. Default Present: Jonathan_Mayer, +1.646.654.aaaa, +1.617.253.aabb Present: Jonathan_Mayer +1.646.654.aaaa +1.617.253.aabb WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Got date from IRC log name: 12 Feb 2013 Guessing minutes URL: http://www.w3.org/2013/02/12-dntc-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report[End of scribe.perl diagnostic output]