RE: ISSUE-198: Define new word for yellow state due to the fact that the process of de-identification spans all three states (red,yellow and green). from Shane Wiley on 2013-05-15 (public-tracking@w3.org from May 2013)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 15 May 2013 21:19:49 +0000
To: "rob@blaeu.com" <rob@blaeu.com>
CC: John Simpson <john@consumerwatchdog.org>, "Tracking Protection Working Group" <public-tracking@w3.org>
Message-ID: <DCCF036E573F0142BD90964789F720E31407D8BD@GQ1-MB01-02.y.corp.yahoo.com>
Rob,

Not much has changed on the tech side of the ad ecosystem (same approach we used 5 years ago) and the EU Data Protection Directive hasn't changed in that time either, so I'm curious what you see as justification for "adjustment"?

I don't believe we're as far apart as you've stated - but this is a two-way discussion so if one party feels we're miles apart then that perception trumps reality.

I believe much of this centers around the definitions of de-identification (we have fairly good support on the normative text) and more specifically how we each feel the definition can be fulfilled (non-normative text).  I see advocates edging towards the conservative side of the spectrum and my proposal is more in the middle to liberal side (again - that assessment is subjective and biased based on my position in the debate).

Since we lack the fundamental elements of "what is tracking?", "what are we attempting to solve for?", and "what user harms are we attempting to remove?" we find ourselves in a difficult place to find agreement on fundamentals and build from there.  That said, I believe the high-level approach to solving for a DNT standard that the co-chairs and W3C staff have put forward makes complete sense and we're zeroing in on the key issues (final document from the F2F).

Where I believe we agree (on this topic):

- Permitted Uses would be better distributed between the first two stages versus all of them appearing in the first stage - specifically the more controversial Permitted Uses of "Market Research" and "Product Development" (and I believe some of Financial will fit here as well).  I believe this is the key differentiator that provides the Working Group a path forward to consensus (or at least a path to "least objection")

- Transparency will be key - of both retention timeframes and the explanation of how these are proportional to the collection and use of that information.  I'm keenly interested in continuing the discussion on consumer disclosures in this area (as this is same for disclosures to Regulators and Consumer Advocates as well).

I'll save my often repeated points on unique IDs, technology realities, and compressed consensus timeframes as we approach June/July for another email chain.  :-)

- Shane 

-----Original Message-----
From: Rob van Eijk [mailto:rob@blaeu.com] 
Sent: Wednesday, May 15, 2013 2:01 PM
To: Shane Wiley
Cc: John Simpson; Tracking Protection Working Group
Subject: RE: ISSUE-198: Define new word for yellow state due to the fact that the process of de-identification spans all three states (red,yellow and green).


Shane, the search opinion is 5 years old, and in the light of technological develepments in the ad ecosystem, the concept of de-identification and anonymization are adjusted. For example wp29 gave guidance in the recent opinion on purpose limitation, and will continue to do so in the fortcoming opinion on open data and an opinion on anonymization techniques.

What you address is managing the risk of re-identification, which is part of accountability in my view as well. But that is not the point of this discussion. It is not just about the resulting dataset containing a risk of re-identification for everyone, no it is above all about the ability for a party to add new (tracking) data to previously collected data.

But your point is clear. This short discussion shows that our views are miles apart, and are therefore unlikely to be bridgeable.

I still think it is possible to map some permitted uses to the 3 states, and much depends I think, on the outcome on the discussion on Unique IDs, privacy by design principles and data retention.

Rob

Shane Wiley schreef op 2013-05-15 22:33:
> Rob,
> 
> Based on our meetings with the A29WP and DPAs throughout Europe, the 
> middle-state of the proposal I've put forward meets the de-identified 
> bar as with the appropriate controls (technical, operational,
> administrative) it is "likely reasonable" to consider the data 
> non-reverse engineer-able back to an identified state (A29WP Search 
> Engine Opinion from April 2008).  Note that this construct 
> appropriately comes with an Accountability dimension that allows 
> businesses the flexibility to architect their own solutions and drive 
> innovation in the marketplace.
> 
> The process of making data "unlinkable" could involve all 3-states but 
> could just as easily include just 1 or 2 depending on how the system 
> is designed.  I believe de-identification is a step towards 
> "unlinkable" not the other way around based on the FTC and DAA 
> definitions.
> 
> - Shane
> 
> 
> -----Original Message-----
> From: Rob van Eijk [mailto:rob@blaeu.com]
> Sent: Wednesday, May 15, 2013 1:08 PM
> To: John Simpson; Shane Wiley; Tracking Protection Working Group
> Subject: Re: ISSUE-198: Define new word for yellow state due to the 
> fact that the process of de-identification spans all three states 
> (red,yellow and green).
> 
> Shane,
> 
> I know you disagree, that is why we need this discussion on record. I 
> am open for a new word an invite you to propose a better word for the 
> yellow. De-identified aka not about a person anymore is a concern to 
> me that I expressed previously, because in the EU it is still 
> considered personal data. The best word in my vocabulary is 
> pseudonumous, since new data can still be linked to already collected 
> data. Having taken out identiying elements through data scrubbing is 
> not enough to make it anonymous. unlinkability is key here, hence the
> 3 state approach.
> 
> On the scope of the process of de-identification, in the 3 state 
> approach, the process includes the second step to make data unlinkable 
> through various anonymization techniques.
> 
> Looking forward to a new word and would like to learn if you disagree 
> if the process of de-identification includes all 3 states.
> 
> Rob
> 
> John Simpson schreef op 2013-05-15 21:50:
>> Shane,
>> I'm not sure I follow how raw data equates with pseudonymous data.
>> Could you please point me to definitions you're using so I can better 
>> understand what you mean here.
>> Thanks,
>> John
>> 
>> On May 15, 2013, at 12:40 PM, Shane Wiley <wileys@yahoo-inc.com>
>> wrote:
>> 
>>> Rob,
>>> 
>>> I strongly disagree and believe based on the current definitions of 
>>> pseudonymous being considered in the EU context, data in the Red 
>>> area can meet this definition.  Similarly, yellow data meets the 
>>> definition of de-identified in both the FTC and DAA contexts - 
>>> whereas "Unlinked"
>>> is a bit more debatable.
>>> 
>>> So I believe it's still appropriate to define these as:
>>> 
>>> Stage 1:  Raw/Pseudonymous
>>> Stage 2:  De-Identified
>>> Stage 3:  Unlinkable (or simply - Out of Scope)
>>> 
>>> As these terms has highly loaded in the regulatory context there 
>>> will continue to be significant sensitivity to naming conventions 
>>> here.
>>> This is similarly true of the color scheme proposed due to the 
>>> immediate traffic light connotations it invokes (green = good, 
>>> yellow = caution, red = bad).  I was okay (not happy) with using 
>>> colors in this manner but don't believe it's fair to over bias the 
>>> definitions of each phase based on an overly conservative read of 
>>> existing definitions.
>>> 
>>> - Shane
>>> 
>>> -----Original Message-----
>>> From: Rob van Eijk [mailto:rob@blaeu.com]
>>> Sent: Wednesday, May 15, 2013 12:03 PM
>>> To: Tracking Protection Working Group
>>> Subject: ISSUE-198: Define new word for yellow state due to the fact 
>>> that the process of de-identification spans all three states 
>>> (red,yellow and green).
>>> 
>>> 
>>> Dear group,
>>> 
>>> As discussed at the Face to Face and a previous thread [1], there is 
>>> confusion on the word de-identified data. We discussed the three 
>>> state model, that I introduced in Cambridge. The FTC text defines 
>>> unlinkability in terms of de-identification, which makes the term 
>>> de-identified applicable for the green state. The DAA text Due to 
>>> the fact that the process of de-identification spans up to the green 
>>> state when data is considered unlinkable, I would like to propose a 
>>> new term for the yellow domain.
>>> 
>>> <text proposal>
>>> 
>>> red data: raw data, event level data yellow data: pseudonumous data 
>>> green data: de-identified data
>>> 
>>> </text proposal>
>>> 
>>> 
>>> [1]
>>> http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0147.htm

>>> l
>>> 
>>> Tracking Protection Working Group Issue Tracker schreef op
>>> 2013-05-15
>>> 20:47:
>>>> ISSUE-198: Define new word for yellow state due to the fact that 
>>>> the process of de-identification spans all three states (red,yellow 
>>>> and green).
>>>> 
>>>> http://www.w3.org/2011/tracking-protection/track/issues/198

>>>> 
>>>> Raised by:
>>>> On product:
>>>
Received on Wednesday, 15 May 2013 21:20:58 UTC