- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 23 Jul 2014 11:49:16 -0700
- To: David Singer <singer@apple.com>
- Cc: Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org List" <public-tracking@w3.org>
On Jul 23, 2014, at 10:22 AM, David Singer wrote:
> I understand your hesitation and share some of it. However, I feel that
> * de-identification has been defeated often enough that we cannot be sure people will always succeed
> * a user who is harmed should be able to work out who has responsibility: someone who defied a restriction on the data, or someone who made it available without that restriction.
>
> There are, alas, enough people out there who would try to engineer a situation in which it appears no-one is responsible ("we did our best to make it de-id’d”, “no-one said we couldn’t try to re-id”) that I think we need to close that chink somehow, formally.
The right way to do that is with an accurate definition and a separate
formal requirement on any party (or third party). Mixing the two results
in an incorrect definition due to the false negatives.
....Roy
Received on Wednesday, 23 July 2014 18:49:30 UTC