- From: Rob van Eijk <rob@blaeu.com>
- Date: Thu, 14 Aug 2014 11:08:18 +0200
- To: David Singer <singer@apple.com>
- Cc: Justin Brookman <jbrookman@cdt.org>, <public-tracking@w3.org>, "Mike O'Neill" <michael.oneill@baycloud.com>
The text you propose connects the state of a permanently de-identified dataset to the possibility of identifying a user/user-agent or device. I think limiting the approach to identification is way too limited.

What is not covered is for example:
- the sharing (for e.g. data enrichment and data correlation).
- the application of de-identified data to the individual user/user agent/device (for e.g. re-targeting).
- the retention of data meaning the duration of time that would be allowed to bring data in de-identified state.
- any (unintended/unforeseen) data uses that may have an impact on a (the personal space) of a user/user agent/device. For example re-targeting based on de-identified data, or re-targeting based on correlation with de-identified data.

My proposal is to exclude text for de-identified data in order to aim for a cleaner specification.

Rob

David Singer wrote on 2014-08-14 01:58:
> On Aug 8, 2014, at 6:54 , Mike O'Neill <michael.oneill@baycloud.com>
> wrote:
> (...)
>
> Trying another way of phrasing it:
>
> Data is permanently de-identified (and hence out of the scope of this
> specification) when a sufficient combination of technical measures and
> restrictions ensures that the data does not, and cannot and will not
> be used to, identify a particular user, user-agent, or device.
>
> Note: Usage and/or distribution restrictions are strongly recommended
> for any dataset that has records that relate to a single user or a
> small number of users; experience has shown that such records can, in
> fact, sometimes be used to identify the user(s) despite the technical
> measures that were taken to prevent that happening.
>
>
> David Singer
> Manager, Software Standards, Apple Inc.
Received on Thursday, 14 August 2014 09:09:12 UTC