RE: [Issue-5][Action-78] Remember to forget me

Vincent,
Responses to specific text:
- After the retention period corresponding to each of the exemptions has been reached, the 3rd party operator MUST erase the referrer header of entries flagged with DNT:1 and either erase or de-identify the rest of the entry.
  - To de-identify the data, the 3rd party operator MUST replace semi-identifiers by fixed values (i.e. IP=0.0.0.0, UA=ZZZ).
Are you indicating that 3rd parties must go back through raw logs or processed data to erase the referrer and de-identify the entry? If the former, this will be near impossible for companies who collect an enormous amount of logs daily.
- A User-Agent sending DNT:1 MAY prevent the transmission of cookies and other identifiers that are sent with the request.
If cookie suppression occurs at the client, it will override exceptions that may be in place for a site.

From: Vincent Toubiana [mailto:v.toubiana@free.fr]
Sent: Thursday, February 02, 2012 9:28 AM
To: public-tracking@w3.org
Cc: karld@opera.com
Subject: [Issue-5][Action-78] Remember to forget me

Description:

Write-up of the "Remember to forget me" definition. This first draft focuses on a definition addressing the collection of data by third parties. The main idea is to keep the log entries with DNT:1 and to flag them to quickly de-identify them when they are no longer covered by an exemption.

Server Logs

- A 3rd party MAY log a request received with DNT:1. If such a request is logged, the third party MUST keep the header DNT:1 in the logs.
- A 3rd party operator SHOULD not infer information from/about a user who sends DNT=1.
- After the retention period corresponding to each of the exemptions has been reached, the 3rd party operator MUST erase the referrer header of entries flagged with DNT:1 and either erase or de-identify the rest of the entry.
  - To de-identify the data, the 3rd party operator MUST replace semi-identifiers by fixed values (i.e. IP=0.0.0.0, UA=ZZZ).
- When a 3rd party aggregates logs, it MUST either not process the entries flagged with DNT:1 or de-identify them beforehand.
- A 3rd party receiving DNT:1 MUST not personalize the response based on user ID.

User Agent

- A User-Agent sending DNT:1 MAY prevent the transmission of cookies and other identifiers that are sent with the request.
- A User-Agent receiving a "non tracking" response from a 3rd party operator SHOULD not modify its state regarding this 3rd party (local storage, cookie, cache, ...).

Received on Friday, 3 February 2012 00:45:30 UTC
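
The "Server Logs" rules quoted above, sketched as an added example that is not part of either message: a sweep that rewrites DNT:1 entries once they pass the retention period and leaves everything else untouched. The log layout (Apache combined format plus a trailing quoted DNT field), the 14-day retention value, the function names and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed layout: Apache "combined" format plus a trailing quoted DNT field.
LINE = re.compile(
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)" "(?P<dnt>[^"]*)"$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
OUT = ('{ip} {ident} {user} [{ts}] "{req}" {status} {size} '
       '"{ref}" "{ua}" "{dnt}"')

def deidentify(line, now, retention):
    """Return the entry, rewritten if it is flagged DNT:1 and past retention."""
    m = LINE.match(line)
    if m is None:
        # Fail closed: an entry we cannot parse cannot be shown to be clean.
        raise ValueError("unparseable log line: refusing to pass it through")
    f = m.groupdict()
    expired = now - datetime.strptime(f["ts"], TS_FORMAT) >= retention
    if f["dnt"] != "1" or not expired:
        return line
    # Erase the referrer, replace semi-identifiers with the fixed values
    # from the draft, and keep the DNT:1 flag on the entry.
    f.update(ip="0.0.0.0", ua="ZZZ", ref="-")
    return OUT.format(**f)

def sweep(lines, now, retention):
    """Run before aggregation so expired DNT:1 entries go in de-identified."""
    return [deidentify(entry, now, retention) for entry in lines]

# Constructed sample entries (documentation addresses, made-up hosts).
SAMPLE = [
    '198.51.100.7 - - [02/Jan/2012:09:28:00 +0000] "GET /ad.js HTTP/1.1" '
    '200 512 "http://news.example/article" "Mozilla/5.0 (X11; Linux)" "1"',
    '198.51.100.7 - - [01/Feb/2012:10:00:00 +0000] "GET /ad.js HTTP/1.1" '
    '200 512 "http://news.example/other" "Mozilla/5.0 (X11; Linux)" "1"',
    '203.0.113.9 - - [02/Jan/2012:09:30:00 +0000] "GET /ad.js HTTP/1.1" '
    '200 512 "http://shop.example/cart" "Opera/9.80" "-"',
]
RETENTION = timedelta(days=14)                   # assumed value
NOW = datetime(2012, 2, 3, tzinfo=timezone.utc)  # fixed "now" for the sample

if __name__ == "__main__":
    print("\n".join(sweep(SAMPLE, NOW, RETENTION)))
```

Because the flag stays on the entry, the sweep is idempotent and can be re-run over the same files on a schedule.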