Re: tracking-ISSUE-270: deidentification and compliance with regulations [TCS Last Call] from Nick Doty on 2015-11-06 (public-tracking@w3.org from November 2015)

From: Nick Doty <npdoty@w3.org>
Date: Fri, 6 Nov 2015 00:45:59 -0800
To: "public-tracking@w3.org" <public-tracking@w3.org>
Message-Id: <EB451FE8-84EC-432F-94B6-D4CFDA5F0855@w3.org>

As in the case of issue-268, it's understood that asserting compliance with the Tracking Compliance and Scope document does not automatically mean compliance with all relevant regulations. It's not clear why this is particularly notable for de-identification, although we do already note in the non-normative considerations section some examples of cases where de-identification procedures may not be successful.

Proposal: no change, but see ISSUE-268 for proposal of Note to documentation page.

—npd

> On Nov 5, 2015, at 10:33 PM, Tracking Protection Working Group Issue Tracker <sysbot+tracker@w3.org> wrote:
> 
> tracking-ISSUE-270: deidentification and compliance with regulations [TCS Last Call]
> 
> http://www.w3.org/2011/tracking-protection/track/issues/270
> 
> Raised by: Rob van Eijk
> On product: TCS Last Call
> 
> https://lists.w3.org/Archives/Public/public-tracking-comments/2015Oct/att-0003/20151001_Ares_2015_4048580_W3C_compliance.pdf
> 
> The Working Party suggests including the following language: ‘In cases where the process of de-identification of (personal) data is not properly assessed against privacy risks and the possibility of identification of users cannot be excluded, compliance with this specification does not mean compliance with other legislative law and/or regulations.’
> 
> Related to issue-268 (compliance with regulations)

Received on Friday, 6 November 2015 08:46:02 UTC