- From: Nick Doty <npdoty@w3.org>
- Date: Fri, 6 Nov 2015 00:47:51 -0800
- To: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-Id: <878415B8-3CE3-4490-8BDC-E5B960FAA3C2@w3.org>
Discussion in the Working Group has suggested that we cannot achieve consensus on any particularly specified timeframe for retention. However, general requirements do insist on definite time periods being publicly disclosed and that retention must be proportionate and reasonably necessary. The larger comment here seems to be about relying on "reasonableness" which is "decided unilaterally by the companies involved". While it is true that organizations that assert compliance with this specification do not assert compliance with a particular timeframe for retention (or other measures regarding de-identification, minimization, security, etc.), that doesn't mean that every measure is "decided unilaterally". Enforcement is not determined by posting of this compliance document, but by various measures including regulatory and self-regulatory groups. Those groups can determine when documented practices are unreasonable or disproportionate to a use. Proposal: no change. —npd > On Nov 5, 2015, at 10:41 PM, Tracking Protection Working Group Issue Tracker <sysbot+tracker@w3.org> wrote: > > tracking-ISSUE-275: length of retention periods [TCS Last Call] > > http://www.w3.org/2011/tracking-protection/track/issues/275 > > Raised by: Lee Tien > On product: TCS Last Call > > https://lists.w3.org/Archives/Public/public-tracking-comments/2015Oct/0009.html >> - potentially allowing extremely long retention periods for the above types of data > > And specifically notes concerns with reasonableness test for this.
Received on Friday, 6 November 2015 08:47:54 UTC