This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Use of the terms identified, identifiable, and linked are still somewhat confusing in the spec. We need additional explanations and clarifications of the meanings of these terms and the history of why we are using them this way. Some of this might be added to the 1.1 spec or included in an appendix; however, we should consider drafting a W3C Note on this. This will be assigned to Ari as soon as he creates an account.
<quote>all information linked to a cookie</quote> in section 4 Remarks: First, we don't require that for full policies. This sounds strange to me. Second, as we use linking all the time for the URI to the human readable policy, it might be good to change the wording of linked here to: also data that shares the same identifier with the cookie or data where the cookie serves as a common identifier. For identified vs identifiable, I think there was an assumption that we understand identifiable as laid out in the EU-Directive whereas 26: <quote> <a href="http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexapi!prod! CELEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett">link to directive</a> (26) Whereas the principles of protection must apply to any information concerning an identified or identifiable person; whereas, to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person; whereas the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable; whereas codes of conduct within the meaning of Article 27 may be a useful instrument for providing guidance as to the ways in which data may be rendered anonymous and retained in a form in which identification of the data subject is no longer possible; while identified means, that one has already made (identified) the person, e.g. stored all information in a database together with personal information so that the whole record can easily be digged up. Rigo
Actually, we do require this for full policies if the full policy makes disclosures about cookies.
But we don't require it for any uniqueID. We included the information linked to a cookie to make clear that the property of a cookie as an identifier in a database table was the technics mostly used and the information in the cookie itself were not really relevant. But this counts for any uniqueID. So perhaps the Specification might be inconsistent to this.
Created attachment 18 [details] Draft explanation for Inclusion in next update
The final wording is not the one in the attachement, this is the initial wording. The final wording is of September 2003 and in the mailing-list. I will put together a consolidated draft and put it here. http://lists.w3.org/Archives/Public/public-p3p-spec/2003Sep/0003.html and the following thread.
Consolidated Draft at: http://www.w3.org/P3P/2003/09-identifiable.html
The text is now in Annex 8 of the P3P 1.1 Specification