RE: Allowed uses of protocol data in first N weeks (ACTION-190)

That seems more feasible, and captures the more limited intent of “the data must be controlled in such a way that only access to the data for these permitted exceptions is allowed”. I think that this results in a more effective focus, i.e. upon reasonable data access controls as defined and maintained by company-specific privacy practices.

Thanks,
Bryan Sullivan


From: Ian Fette (イアンフェッティ) [mailto:ifette@google.com]
Sent: Wednesday, May 02, 2012 10:01 AM
To: SULLIVAN, BRYAN L
Cc: public-tracking@w3.org Group WG
Subject: Re: Allowed uses of protocol data in first N weeks (ACTION-190)

I'm assuming it's applicable only to DNT:1.

I'm happy to drop the last sentence as I think that's what you're having issue with: "After the six week period has passed, only the subset of data necessary to accomplish the permitted exceptions in this specification may be retained, and the data must be controlled in such a way that only access to the data for these permitted exceptions is allowed." and replace it with "After the six week period has passed, all other requirements of the DNT specification apply."

On Wed, May 2, 2012 at 9:48 AM, SULLIVAN, BRYAN L <bs3131@att.com> wrote:
Just to be sure I understand the context, we are talking in these requirements *only* about protocol data retention by 3rd parties, and only in the context of a DNT=1 signal from the user which is/was applicable to the period in which the data is/was collected, right?

Even given that limited scope, I question the feasibility of detailed data logs being processed after a defined retention period, to remove info not allowed per the permitted uses. I would imagine that most companies which currently log such data for permitted uses would consider this a substantial impact to data management practices, and that cost would need to be addressed somehow.

I’m less concerned about limitations on *use* or *sharing* of logged data per a user’s historical DNT preference, as I would imagine that is conceptually simpler to implement (e.g. a log file / database retrieval system could check a user tracking preferences database prior to fulfilling a particular query), but I still think this will not be cheap or fast to be supported. But I could be way off on the effort estimate for this also – it could be much more complex than that.

I would like to hear from other SPs on the feasibility of these impacts.

Thanks,
Bryan Sullivan

From: Ian Fette (イアンフェッティ) [mailto:ifette@google.com]
Sent: Wednesday, May 02, 2012 8:48 AM
To: public-tracking@w3.org Group WG
Subject: Allowed uses of protocol data in first N weeks (ACTION-190)

On last week's call, I took an action to write a proposal for protocol data in the first N weeks (ACTION-190 and ISSUE-142).

My proposed text would be as follows, comments welcome:

Protocol data, meaning data that is transmitted by a user agent, such as a web browser, in the process of requesting content from a provider, explicitly including items such as IP addresses, cookies, and request URIs, MAY be stored for a period of 6 weeks in a form that might not otherwise satisfy the requirements of this specification. For instance, the data may not yet be reduced to the subset of information allowed to be retained for permitted uses (such as fraud detection), and technical controls limiting access to the data for permitted uses may not be in place on things like raw logs data sitting on servers waiting for processing and aggregation into a centralized logs storage service.

Within this six week period, a data collector MUST NOT share data with other parties in a manner that would be prohibited outside of the six week period. Similarly, a data collector MUST NOT use the data to build any profile, or associate the data to any profile, of a user used for purposes other than would be allowed outside of the six week period. As examples, a data collector MAY use the raw data within a six week period to debug their system, a data collector MAY use the raw data within the six week period to build a profile of a user fraudulently or maliciously accessing the system for purposes such as blocking access to the system by that user, but the data collector MUST NOT build a profile to serve targeted advertisements based on the user's past six weeks of browsing activity.

After the six week period has passed, only the subset of data necessary to accomplish the permitted exceptions in this specification may be retained, and the data must be controlled in such a way that only access to the data for these permitted exceptions is allowed.
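A sketch of how a data collector might enforce the proposed rule in a log pipeline, added here as an example; it is not part of the thread or of any W3C text. The permitted-use list, the IPv4-only /24 reduction as the "subset necessary for fraud detection", and the sample records are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

RAW_RETENTION = timedelta(weeks=6)          # the proposal's six-week window
PROHIBITED_IN_WINDOW = {"ad_profiling"}      # MUST NOT, even on raw data
PERMITTED_EXCEPTIONS = {"fraud_detection"}   # assumed list of permitted uses

@dataclass(frozen=True)
class ProtocolRecord:
    collected_at: datetime
    dnt: str            # DNT header value as received; the thread scopes this to "1"
    ip: str             # assumption: IPv4
    cookie: str
    request_uri: str

def in_raw_window(rec: ProtocolRecord, now: datetime) -> bool:
    return now - rec.collected_at < RAW_RETENTION

def use_permitted(rec: ProtocolRecord, now: datetime, purpose: str) -> bool:
    """Gate a log query by purpose: inside the window anything except profiling
    for ads; after the window only the permitted exceptions."""
    if rec.dnt != "1":
        return True                      # out of the proposal's scope
    if in_raw_window(rec, now):
        return purpose not in PROHIBITED_IN_WINDOW
    return purpose in PERMITTED_EXCEPTIONS

def retained_form(rec: ProtocolRecord, now: datetime) -> dict:
    """What may still be stored at `now`: the raw record inside the window,
    afterwards only an assumed fraud-detection subset (hour bucket, /24 prefix)."""
    if rec.dnt != "1" or in_raw_window(rec, now):
        return {"collected_at": rec.collected_at, "ip": rec.ip,
                "cookie": rec.cookie, "request_uri": rec.request_uri}
    return {"collected_at": rec.collected_at.replace(minute=0, second=0, microsecond=0),
            "ip_prefix": str(ip_network(f"{rec.ip}/24", strict=False))}

def process_log(records, now):
    """Apply the retention rule to a batch of records (e.g. a daily reduction job)."""
    return [retained_form(r, now) for r in records]

# Constructed sample log: one record older than six weeks, one still inside.
NOW = datetime(2012, 7, 1, tzinfo=timezone.utc)
SAMPLE = [
    ProtocolRecord(datetime(2012, 5, 2, 16, 20, tzinfo=timezone.utc), "1",
                   "198.51.100.23", "sid=abc123", "/article?id=42"),
    ProtocolRecord(datetime(2012, 6, 20, 9, 5, tzinfo=timezone.utc), "1",
                   "203.0.113.7", "sid=def456", "/search?q=shoes"),
]
```

Running `process_log(SAMPLE, NOW)` keeps the June record raw and reduces the May record to its hour bucket and /24 prefix, with the cookie and URI gone.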

Received on Wednesday, 2 May 2012 18:20:23 UTC