Privacy/TPWG/Change Proposals from EFF Privacy Badger

From W3C Wiki
< Privacy‎ | TPWG
Jump to: navigation, search

Input for text proposals from EFF's Compliance policy for Privacy Badger:

Input for current ISSUES

Short Term Retention


  1. Logs with DNT Users' identifiers removed (but including IP addresses and User Agent strings) may be retained for a period of 7 days or less, unless an Exception (below) applies. This period of time balances privacy concerns with the need to ensure that log processing systems have time to operate; that operations engineers have time to monitor and fix technical and performance problems; and that security and data aggregation systems have time to operate.
  2. These logs will not be used for any other purposes.



  1. We may retain and share anonymized datasets, such as aggregate records of readership patterns; statistical models of user behavior; graphs of system variables; or logs with encrypted IP addresses and simplified User Agent strings.
  2. "Anonymized" means we have conducted risk mitigation to ensure that the dataset, plus any additional information that is in our possession or likely to be available to us, does not allow the reconstruction of reading habits or online activity of groups of fewer than 4096 individuals or devices.
  3. "Risk mitigation" means an engineering process that evaluates the possibility and likelihood of various adverse outcomes, considers the available methods of making those adverse outcomes less likely, and deploys sufficient mitigations to bring the probability and harm from adverse outcomes below an acceptable threshold.

Permitted Use: Security


  1. If, during the processing of the initial request (for unique identifiers) or during the subsequent 7 days (for IP addresses and User Agent strings), we obtain specific information that causes our employees or systems to believe that a request is, or is likely to be, part of a security attack or fraudulent transaction, then logs of those requests are not subject to this policy.
  2. If we encounter technical problems with our site, then, in rare circumstances, we may retain logs for longer than 7 days, if that is necessary diagnose and fix those problems, but this practice will not be routinized and we will strive to delete such logs as soon as possible.

Related to closed ISSUES

Unknowing Collection

From time to time, there may be inadvertent errors by which user data is temporarily logged or retained in violation of this policy. We will delete this data as soon practicable after we become aware of the error and take steps to ensure that it is deleted by any third-party who may have had access to the data.