- From: Thomas Schauf <schauf@bvdw.org>
- Date: Wed, 26 Jun 2013 16:03:26 +0000
- To: "Roy T. Fielding" <fielding@gbiv.com>, "public-tracking@w3.org Mailing List" <public-tracking@w3.org>
On issue 188 the existing text in sec. 2.8 is pretty unclear: "has achieved a reasonable level of justified confidence" I would like to make a proposal which is more European/German legal language: Data is deidentified when a party: 1. data that has been collected, altered or otherwise processed so that it of itself cannot be attributed to a data subject without the use of additional data which is subject to separate and distinct technical and organisational controls to ensure such non attribution, or that such attribution would require a disproportionate amount of time, expense and effort. KR, Thomas Thomas Schauf Head of European & International Affairs Bundesverband Digitale Wirtschaft (BVDW) e.V. - German Association for the Digital Economy Berliner Allee 57, D-40212 Düsseldorf Fon: +49 (0)211 600456-16 Fax: +49 (0)211 600456-33 schauf@bvdw.org www.bvdw.org President: Matthias Ehrlich Vice-Presidents: Christoph N. v. Dellingshausen, Harald R. Fortmann, Achim Himmelreich, Ulrich Kramer, Burkhard Leimbrock Managing Director: Tanja Feller Local Court Düsseldorf, VR 8358 __________________________________________________ The contents of this email is solely for the intended addressee. If you received this e-mail received erroneously, please immediately notify the sender. Please delete this e-mail entirely. -----Ursprüngliche Nachricht----- Von: Roy T. Fielding [mailto:fielding@gbiv.com] Gesendet: Mittwoch, 26. Juni 2013 10:16 An: public-tracking@w3.org Mailing List Betreff: June Change Proposal, de-identified This is ISSUE-188 The definition of de-identified does not capture the discussion we had on list regarding anonymous data and the unnecessary burden of contracts. It also uses old terms like "consumer" and "computer" that we don't need, and is phrased in terms of the process of de-identification (what a party must do) rather than the state of the data after de-identification has completed. Existing text in Sec 2.8: ============================ Data is deidentified when a party: 1. has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device; 2. commits to try not to reidentify the data; and 3. contractually prohibits downstream recipients from trying to re-identify the data. ============================ Replacement: ============================ A data set is considered de-identified when there exists a reasonable level of justified confidence that the data within it cannot be used to infer information about, or otherwise be linked to, a particular user. ============================ ....Roy
Received on Wednesday, 26 June 2013 16:03:55 UTC