- From: TOUBIANA Vincent <vtoubiana@cnil.fr>
- Date: Fri, 18 Jul 2014 10:48:54 +0200
- To: "Mike O'Neill" <michael.oneill@baycloud.com>, <public-tracking@w3.org>
Hi Mike,

First, sorry for the duplicated email, I thought my first email was lost. I responded to your questions below.

> Does the definition allow a data set containing a single record to be classed as de-identified? So a subsequent transaction can be linked to a previous transaction, but as soon as the dataset contains more than one record it is no longer de-identified, and DNT:1 applies etc.?

Thank you for the question, I was missing a point: I was only considering the use of de-identification related to data-minimization (section 3.3.1.2) so that would apply to a dataset of transactions. If data should be de-identified after each interaction --for DNT:1 not to apply-- then the transaction would not be considered de-identified when you can link it to a previous transaction.

> By “record” I assume this means one instance of “tracking data” derived from an HTTP transaction e.g. [UID, Source IP, Url,…]

Yes

> If so then what happens if only one record is ever retained (just updated with a derived web activity score perhaps), in this case can web activity based profiling continue irrespective of DNT?

Not sure I follow, if you have just the last visited URL for each Source IP then I don't think you can build a profile from that. I'm certainly missing something, so could you please detail your example?

Best regards,
Vincent

> Mike

From: TOUBIANA Vincent [mailto:vtoubiana@cnil.fr]
Sent: 16 July 2014 17:19
To: public-tracking@w3.org
Subject: RE: Deidentification (ISSUE-188)

I’d like to propose a definition of de-identification which is closer to the concept of anonymization defined in the Article 29 Opinion (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf).

A data-set is de-identified when it is no longer possible to:
- isolate some or all records which correspond to a device in the dataset,
- link, at least, two records concerning the same device,
- deduce, with significant probability, the value of an attribute from the values of a set of other attributes.

The third criterion may -- in some cases -- go beyond de-identification but the first two are, in my opinion, required to limit re-identification risks.

Best regards,
Vincent Toubiana

From: Justin Brookman [mailto:jbrookman@cdt.org]
Sent: Wednesday 16 July 2014 04:47
To: public-tracking@w3.org (public-tracking@w3.org)
Subject: Deidentification (ISSUE-188)

All,

I have updated the wiki (https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification) to reflect what I *think* are the active change proposals on data minimization. If I incorrectly culled yours --- or you wish to propose different language --- please let us know!
Received on Friday, 18 July 2014 08:49:28 UTC
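
The three criteria in the proposed definition (isolate, link, deduce) can be tested against a candidate release before it leaves the controller. The sketch below is an added example, not part of the thread or of any participant's proposal. Assumptions: the column names, the constructed sample rows, a `device` ground-truth column the auditor holds but does not release, and the reading of "significant probability" as a 0.9 share over at least 2 records.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample data. "device" is ground truth known only to the auditor.
COLS = ("device", "uid", "region", "section")
ROWS = [
    ("d1", "a1", "EU", "news"),
    ("d1", "a1", "EU", "health"),
    ("d2", "b2", "EU", "news"),
    ("d2", "b2", "EU", "health"),
    ("d3", "c3", "US", "sports"),
    ("d4", "x4", "US", "sports"),
]
RAW = [dict(zip(COLS, row)) for row in ROWS]

def groups(records, cols):
    """Bucket records that are indistinguishable on the columns `cols`."""
    out = defaultdict(list)
    for r in records:
        out[tuple(r[c] for c in cols)].append(r)
    return list(out.values())

def audit(records, released, target, threshold=0.9, min_support=2):
    """Check a release (list of published columns) against the three criteria.
    threshold and min_support are assumed values, not taken from the thread."""
    result = {"isolate": False, "link": False, "infer": False}
    # Criteria 1 and 2: try every combination of released columns as a selector.
    for n in range(1, len(released) + 1):
        for cols in combinations(released, n):
            for g in groups(records, cols):
                if len({r["device"] for r in g}) == 1:
                    result["isolate"] = True       # selector picks one device only
                    result["link"] |= len(g) >= 2  # and joins two of its records
    # Criterion 3: can `target` be guessed from the other released columns?
    quasi = [c for c in released if c != target]
    for g in groups(records, quasi):
        top = Counter(r[target] for r in g).most_common(1)[0][1]
        if len(g) >= min_support and top / len(g) >= threshold:
            result["infer"] = True
    return result

if __name__ == "__main__":
    print(audit(RAW, ["uid", "section"], "section"))     # identifier kept
    print(audit(RAW, ["region", "section"], "section"))  # identifier dropped
```

On the sample rows, keeping `uid` fails the first two criteria, while dropping it for a coarse `region` passes them and still fails the third, because every US record has the same `section`.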