w3c/wbs-design
or
by mail to sysreq
.
The results of this questionnaire are available to anybody. In addition, answers are sent to the following email address: team-tracking-chairs@w3.org
This questionnaire was open from 2014-11-19 to 2014-12-05.
5 answers have been received.
Option A: Remove auditability requirement from security section
Remove the text below from the Reasonable Security section.
Third parties SHOULD ensure that the access and use of data retained for permitted uses is auditable.
If you have an objection to this option, please describe your objection, with clear and specific reasoning.
Responder | Objections to Option A: Remove auditability requirement from security section |
---|---|
David Singer | We object to this removal, although it is not strictly needed. Anyone claiming to comply with the rule that data retained for a permitted use is only used for that use, may at some point be challenged and will have to show that they comply -- whether or not this sentence is there. This sentence may state the obvious but it should stay. |
Walter van Holst | Not having any obligation for an audit trail regarding access and use of data shifts the burden of proof to regulators and users. The onus for proving compliance with the specification should lie on the shoulders of those who claim compliance. Removal of this obligation would result in a loophole in the compliance specification. |
Roy Fielding | |
Mike O'Neill | The requirement for auditability for permitted use is important because it underlines that the reason for ignoring DNT should be claimed only for the specific purpose, and must not be seen as a "get out of jail free" card. It is entirely reasonable that companies should be able to prove this, and removing the text requiring it is a bad signal that would reduce the credibility of DNT for users and companies. |
Shane Wiley | The most reasonable path forward that maintains a tight focus on the core issues at hand and doesn't meaninglessly create ambiguity and legal uncertainty for implementors. |
Option B: Add explanatory text for "auditable"
Retain existing text and add the following paragraph to the Reasonable Security section.
For the purposes of this recommendation, auditable is understood as having sufficient records of access and use of data retained such that an independent auditor would have a reasonable level of confidence that the data retained is exclusively used for the permitted uses or that breaches of this can be detected ex-post. For example, an auditor might use a similar level of confidence to that required for the organization's financial records.
If you have an objection to this option, please describe your objection, with clear and specific reasoning.
Responder | Objections to Option B: Add explanatory text for "auditable" |
---|---|
David Singer | We mildly object to this text; we don't need to say how companies prove that they adhere to the rule. We just need to say that they may need to prove it (the existing text). Overall, we prefer 'no change', which the poll doesn't offer. |
Walter van Holst | |
Roy Fielding | I object to the existing text "Third parties SHOULD ensure that the access and use of data retained for permitted uses is auditable." with or without the additional explanatory text. I have no idea how to implement such a thing. I see no need to require something that is essentially for the business's own benefit, assuming someone does come along with a standard method of auditing procedures for handling data marked as DNT:1. This does not mean the business is less responsible for adhering to its own statements about DNT. What I expect is that some party who claims to adhere to DNT will eventually be inspected by regulators and found wanting, and at that time the regulator will post a list of deficiencies that can be used by auditing companies as the basis for coming up with expected guidelines and procedures specific to DNT. Then, companies will be pressed by their own lawyers to make their processes auditable along the same lines. This will iterate and repeat over many years as regulators and businesses figure out the right balance between auditability and responsible data destruction (for privacy). |
Mike O'Neill | |
Shane Wiley | This is unneeded as an element of the TCS. Regulators already have the tools needed to inspect companies they believe to be in violation of their privacy promises to users. The proposed language creates legal uncertainty for companies that anything they purge with the goal of data minimization in mind would now be subject to retention requirements for "auditability". This is a slippery slope with considerable complexity with little to no value in return. |
Everybody has responded to this questionnaire.