RE: ACTION-371: text defining de-identified data

Rob,

I thought we had agreed to not mix the "unlinkable" term with "de-identified" here.  In our discussions in Boston it appeared there was general agreement that unlinkability in a step beyond de-identified.  Once a record has been rendered de-identified, it can later further be made unlinkable (using your definition of unlinkable vs. the one I proposed).  This is a significant sticking point for those of use attempting to find middle-ground here so hopefully we can document the details in non-normative text but I'd ask that we remove mention of unlinkable in the definition of de-identified at this time (or else we've not really moved forward in this discussion in my opinion).

- Shane  

-----Original Message-----
From: Rob van Eijk [mailto:rob@blaeu.com] 
Sent: Wednesday, March 13, 2013 5:57 AM
To: public-tracking@w3.org
Subject: RE: ACTION-371: text defining de-identified data

Dan, Kevin,

I would really want the unlinkability in there as well. I propose to add the text:  made unlinkable

Normative text: Data can be considered sufficiently de-identified to the extent that it has been deleted, made unlinkable, modified, aggregated, anonymized or otherwise manipulated in order to achieve a reasonable level of justified confidence that the data cannot reasonably be used to infer information about, or otherwise be linked to, a particular user, user agent, computer or device.


In terms of privacy by design, de-identification through unlinkability is the strongest form of de-identtification IMHO.

Rob

Kevin Kiley schreef op 2013-03-12 19:03:
> Dan,
> 
> In case I wasn't being clear in my last post, I (personally) believe 
> that
> 
> User-agent should *NOT* be removed from the proposed text.
> 
> I actually don't think it would do any harm to *ADD* the word 
> 'Computer'
> 
> as well ( which is present in the current FTC definition ) so it reads 
> like this…
> 
> Normative text:
> 
> Data can be considered sufficiently de-identified to the extent that 
> it
> 
> has been deleted, modified, aggregated, anonymized or otherwise
> 
> manipulated in order to achieve a reasonable level of justified
> 
> confidence that the data cannot reasonably be used to infer 
> information
> 
> about, or otherwise be linked to, a particular user, user agent, 
> computer or device.
> 
> I think that covers it pretty well, and *NO* 'clarifying text' is 
> necessary.
> 
> Just my 2 cents.
> 
> Kevin Kiley
> 
> Previous message(s)…
> 
> Dan,
> 
> Perhaps you can add text clarifying this perspective or, much like the 
> FTC, suffice with "device" which I believe more than covers what 
> you're looking for here.
> 
> - Shane
> 
> From: Dan Auerbach [mailto:dan@eff.org]
> 
> Sent: Tuesday, March 12, 2013 8:57 AM
> 
> To: public-tracking@w3.org
> 
> Subject: Re: ACTION-371: text defining de-identified data
> 
> Shane and Kevin -- The phrase "user agent" in the text is intended to 
> refer to a particular user agent (not "Chrome 26" but rather "the 
> browser running on Dan's laptop". I hoped that would be clear from 
> context, but if it's not we can clarify. I may not be able to identify 
> your device per se, but can identify that this is the same browser as 
> I saw before. I think this is the case with using cookies, for 
> example. It seems more accurate to me than lumping it all under 
> "device", and appropriate since the text of our document is elsewhere 
> focused on user agents, unlike the FTC text.
> 
> Best,
> 
> Dan
> 
> On 03/12/2013 12:19 AM, Kevin Kiley wrote:
> 
>>> Shane Wiley wrote...
> 
>>> I had removed "user agent" in the suggested edit as this could be 
>>> something as generic as "Chrome 26".
> 
> It can also be something VERY specific... and tell you a LOT about the 
> Computer/OS/Device being used.
> 
> In the case of Mobile... it will pretty much tell you EXACTLY what 
> 'Device' is being used.
> 
>>> The FTC likewise does not use "user agent" in their definition.
> 
> That's true... but BOTH definitions (W3C and FTC) currently mention 
> 'Device'... and the FTC
> 
> reports go to great lengths about how important it is to exclude any 
> knowledge of 'the Device'
> 
> from the de-identified data ( especially in the case of 'Mobile 
> Devices' ).
> 
> Kevin Kiley

Received on Wednesday, 13 March 2013 15:14:35 UTC