RE: Poll text call: final text by 28 September from TOUBIANA, VINCENT (VINCENT) on 2012-10-02 (public-tracking@w3.org from October 2012)

From: TOUBIANA, VINCENT (VINCENT) <Vincent.Toubiana@alcatel-lucent.com>
Date: Tue, 2 Oct 2012 11:54:32 +0200
To: "ifette@google.com" <ifette@google.com>, Nicholas Doty <npdoty@w3.org>
CC: "public-tracking@w3.org Group WG" <public-tracking@w3.org>, Justin Brookman <jbrookman@cdt.org>, "Aleecia M. McDonald" <aleecia@aleecia.com>
Message-ID: <4D30AC7C2C82C64580A0E798A171B4445AD94F2A3C@FRMRSSXCHMBSD1.dc-m.alcatel-lucent.c>

Ian,

I’m not sure I understand how you could explain that the X weeks data have not been used for a prohibited purpose. The way I see it, as long as you keep all the data during X weeks you can not show that it can not be used for some purpose.
If it’s just to support aggregate reporting, maybe we could simply reduce the authorized retention time for this permitted use to 6 weeks?

Thanks,
Vincent


________________________________
De : Ian Fette (イアンフェッティ) [mailto:ifette@google.com]
Envoyé : lundi 1 octobre 2012 03:06
À : Nicholas Doty
Cc : public-tracking@w3.org Group WG; Justin Brookman; Aleecia M. McDonald
Objet : Re: Poll text call: final text by 28 September


If you restrict uses to a given set in the 6 week period, then presumably you need to be able to prove data was only used during that period for those purposes. You then need all the same systems in place from time zero, so it's not clear this buys you anything at all. Changing it around to be a blacklist model during this period (you cannot do X) makes it much easier to show compliance.
On Sep 30, 2012 4:43 PM, "Nicholas Doty" <npdoty@w3.org<mailto:npdoty@w3.org>> wrote:
On Sep 29, 2012, at 10:48 PM, Aleecia M. McDonald <aleecia@aleecia.com<mailto:aleecia@aleecia.com>> wrote:


My only question on Justin's text below is about the wording "communication to a third party" -- that suggests communication to a first party or a service provider is permissible. I think the intent is "communication to another party." If so, is that an acceptable change?

Nick, in particular: does Justin's language capture what you had intended?

I don't think so, and I'm not sure I understand the motivation behind that change. I was picking up on the suggestion from Vincent that uses during the short-term logging period would be simply making data unlinkable or any of the existing permitted uses. Creating an additional sub-list of practices allowed or prohibited during the short-term period seems like unnecessary confusion. Also, are there any additional uses that the group wishes to allow during the short-term period beyond the existing permitted uses and making data unlinkable? If so, what are those uses and why wouldn't those uses be part of the list of permitted uses?

Thanks,
Nick

On Sep 28, 2012, at 6:59 PM, Justin Brookman <jbrookman@cdt.org<mailto:jbrookman@cdt.org>> wrote:


I would expand Option 1 to say (something like):

Operators MAY retain data related to a communication in a third-party context for up to 6 weeks. During this time, operators may render data unlinkable (as described above), perform processing of the data for any of the other permitted uses, or perform any other processing that does not result in the transfer of information related to the particular user or communication to a third party, or alteration of the user's individual experience.

(I believe this is more consistent with Ian's original formulation, though it's possible he has since changed his mind.  Obviously, as David Wainburg points out, this language is contingent upon the scope permitted uses and the definition of whatever replaces unlinkable.)
________________________________
From: Aleecia M. McDonald [mailto:aleecia@<mailto:aleecia@>aleecia.com<http://aleecia.com/>]
To: public-tracking@w3.org<mailto:public-tracking@w3.org> (public-tracking@w3.org<mailto:public-tracking@w3.org>) [mailto:public-<mailto:public->tracking@w3.org<mailto:tracking@w3.org>]
Sent: Tue, 25 Sep 2012 18:20:57 -0500
Subject: Poll text call: final text by 28 September

>From the call on 12 September, we discussed topics where we have increasing clarity on options for permitted uses. I want to make sure we have the text right to reflect our options prior to doing a decision process with a poll calling for objections, which is responsive to Ian's feedback. We also want to move quickly, as Roy suggests.

Please propose specific alternative text if you believe that the two texts given below do not reflect the options before us by Friday, 28 September. We will briefly review these texts on the call tomorrow, just to make sure no one misses anything, and here we are on the mailing list, for those who cannot make the call.

Aleecia

-----
Log files: issue-134
----

This normative text fits into the section on Third Party Compliance, subsection 6.1.1.1, Short Term Collection and Use, <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#short-term>. We will also want non-normative text, and have some suggested, but that will be clearer once we have the normative text settled. (Options for definitions of unlinkable data are in section 3.6, Unlinkable Data, <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-unlinkable>.)

Option 1:
Operators MAY retain data related to a communication in a third-party context for up to 6 weeks. During this time, operators may render data unlinkable (as described above) or perform processing of the data for any of the other permitted uses.

Option 2:
Operators MAY retain data related to a communication in a third-party context. They MUST provide public transparency of their data retention period, which MUST have a specific time period (e.g. not infinite or indefinite.) During this time, operators may render data unlinkable (as described above) or perform processing of the data for any of the other permitted uses.

Received on Tuesday, 2 October 2012 09:56:17 UTC