RE: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track from Shane Wiley on 2012-02-09 (public-tracking@w3.org from February 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Thu, 9 Feb 2012 13:08:39 -0800
To: John Simpson <john@consumerwatchdog.org>
CC: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, JC Cannon <jccannon@microsoft.com>
Message-ID: <63294A1959410048A33AEE161379C8023D0C8ACD73@SP2-EX07VS02.ds.corp.yahoo.com>

John,

The IP Address is only one field within a log file though.  Yahoo! is anonymize at 6 months.  :)

- Shane

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Thursday, February 09, 2012 11:44 AM
To: Shane Wiley
Cc: Rigo Wenning; public-tracking@w3.org; JC Cannon
Subject: Re: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

Doesn't Microsoft delete IP addresses after six months? Google "anonymize" after nine months? And yahoo "anonymize" after 90 days?

On Feb 9, 2012, at 9:16 AM, Shane Wiley wrote:

If we're going to use arbitrary time spans for retention, I would recommend that we leverage 18 months as the standard.  This is the time Google, MSFT, and Yahoo! currently use for search logs and have shared this policy with all of the EU DPAs and A29WP.  As the advocates in this working group will likely share the perspective of wanting this to be lower in common with EU DPAs, it's a helpful starting point.  Otherwise we can stop using arbitrary numbers and leverage minimization principles instead - which I personally believe are the better standard to apply to varied business models and can stand the test of time and innovation.

- Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org]
Sent: Thursday, February 09, 2012 9:06 AM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Cc: JC Cannon
Subject: Re: ACTION-75: Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track

I concur JC,

On Tuesday 07 February 2012 18:51:27 JC Cannon wrote:

It seems that we are still conflating collection with receipt of logs by a
server and processing of those logs for placement in a profile or
otherwise.

I believe we all agreed that web servers must be able to receive logs in
order for the Internet to work as it does. I would like to propose that the
mere receipt of logs by a web server should not be considered collection or
be constrained by the rules of collection.

However, any processing of the logs should be considered collection and be
governed by our DNT standard.

Inasmuch as the logs will include a DNT signal, any retention policy that
comes out of our standard should apply to those logs.

Whereas 22 of the ePrivacy Directive says:

The prohibition of storage of communications and the related traffic data by
persons other than the users or without their consent is not intended to
prohibit any automatic, intermediate and transient storage of this information
in so far as this takes place for the sole purpose of carrying out the
transmission in the electronic communications network and provided that the
information is not stored for any period longer than is necessary for the
transmission and for traffic management purposes, and that during the period of
storage the confidentiality remains guaranteed. Where this is necessary for
making more efficient the onward transmission of any publicly accessible
information to other recipients of the service upon their request, this
Directive should not prevent such information from being further stored,
provided that this information would in any case be accessible to the public
without restriction and that any data referring to the individual subscribers
or users requesting such information are erased.

As long as we talk about some defaults for retention and logging for the
purpose of carrying out the communication, we shouldn't prevent logging. I
think our task is beyond. We MAY give some hint when we believe those logs are
not necessary anymore.

So while writing logs is collection of data, we may declare normal web logs
out of scope as long as they do not serve to build profiles and as long as they
have some expiry set. (One may be as scared about logs that last forever then
I would be scared about profile creation)

Consequently, a third party that is not in an outsourcing context may not
collect data beyond normal web logs and should anonymize or erase those logs
after 60 Days (just to throw in some arbitrary count) This would be my
suggestion.

Best,

Rigo

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org<http://www.ConsumerWatchdog.org>
john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>

Received on Thursday, 9 February 2012 21:09:30 UTC