RE: ACTION-286: Propose DAA text regarding de-identification (for unlinkability discussion) from TOUBIANA, VINCENT (VINCENT) on 2012-11-15 (public-tracking@w3.org from November 2012)

From: TOUBIANA, VINCENT (VINCENT) <Vincent.Toubiana@alcatel-lucent.com>
Date: Thu, 15 Nov 2012 23:10:41 +0100
To: David Wainberg <david@networkadvertising.org>
CC: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <4D30AC7C2C82C64580A0E798A171B4445D2C477238@FRMRSSXCHMBSD1.dc-m.alcatel-lucent.c>

David,

All the permitted uses remain possible if you only hash the IDs. Also, I don’t believe that the issues that have been pointed out previously (data breach, rogue engineers, data transferred to another party) are addressed if you just hash cookie IDs and IP addresses. I’d like to know which threat you think such de-identification process would address?

Recall that these data will be sanitized after 6 weeks and can still be kept ‘unsanitized’ for a longer period to fulfill permitted uses. Again, it would really help to have an example of the type of reporting that you’d like to do after 6 weeks, which is not covered by a permitted use and could not be done with N-unlinked data. That would be useful to evaluate the loss of value of the data.

I’m sorry to answer to your question with other questions, but I think that we can find a compromise here since the spec already allows some permitted uses.

Thank you,

Vincent

For the record, ‘unlinkability’ and ‘pseudonimity’ are already defined in the standard ISO/IEC 15408-2. Maybe we could use this terminology?

________________________________________
From: David Wainberg [david@networkadvertising.org]
Sent: Thursday, November 15, 2012 6:35 PM
To: Lauren Gelman
Cc: Ed Felten; Rachel Thomas; public-tracking@w3.org; Louis Mastria; Chris Mejia (chris.mejia@iab.net); Mike Zaneis; mgroman@networkadvertising.org; Brendan Riordan-Butterworth (Brendan@iab.net)
Subject: Re: ACTION-286: Propose DAA text regarding de-identification (for  unlinkability discussion)

On 11/15/12 11:35 AM, Lauren Gelman wrote:
>
> So Jonathan's definition is cleaner because it gives industry a bright
> line definition of how to comply-- which I know my clients prefer.
>  But my sense is that both accomplish the same thing.
>
>
I disagree that it's cleaner. But that aside, my question to proponents
of Jonathan's definition is whether you believe the efforts required to
unlink data, and the subsequent loss of value of the data, should be
proportionate to the risks associated with the data. If so, what's your
measure of the proportionality?

Received on Thursday, 15 November 2012 22:11:20 UTC