Copy-edit the Common Concepts section, except for the Recognition sub-section. #369
Conversation
| * their location data, | ||
| * an online identifier such as email or IP addresses, | ||
| * browser fingerprints (based on a combination of | ||
| configuration characteristics), or | ||
| * factors specific to their physical, physiological, genetic, mental, | ||
| economic, | ||
| cultural, social, or behavioral [=identity=], | ||
| configuration characteristics), or | ||
| * factors specific to their physical, physiological, genetic, mental, economic, | ||
| cultural, social, or behavioral [=identity=], |
There was a problem hiding this comment.
I'm not sure these are all actually identifiers. They're ways to identify people, but we've defined an identifier as a thing that got assigned to a person.
There was a problem hiding this comment.
As discussed today maybe these are characteristics rather than unique identifiers...
There was a problem hiding this comment.
Punting further discussion to #374.
| @@ -2122,41 +2113,39 @@ | |||
| destruction. | |||
There was a problem hiding this comment.
Yikes! What parts of this do we actually need to list, and what parts could we simplify?
There was a problem hiding this comment.
We looked at this today and agreed we need to re-write.
There was a problem hiding this comment.
Left for discussion in #375.
| is a [=person=] whose ability to make their own choices can be taken away more | ||
| easily than usual. Among other things, they should |
There was a problem hiding this comment.
Filed #373 to keep thinking about whether we need this at all.
index.html
Outdated
| [=actor=] and solely for the list of explicitly-specified [=purposes=] | ||
| detailed by the directing [=actor=] or [=data controller=]; | ||
| [=data controller=] and solely for the list of explicitly-specified [=purposes=] | ||
| detailed by the directing [=data controller=]; |
There was a problem hiding this comment.
@darobin can you review this change? It looked good to us on today's call but wanted your eyes on it as well.
There was a problem hiding this comment.
This is also incorrect as it rules out the possibility of being the processor of a processor.
index.html
Outdated
|
|
||
| * is processing the data on behalf of that [=actor=]; | ||
| * [=processes=] data on behalf of a [=data controller=]; |
There was a problem hiding this comment.
This is incorrect: you can have a service provider of a service provider, in fact it's very common.
index.html
Outdated
| * may determine implementation details of the data processing in question but | ||
| does not determine the [=purpose=] for which the data is being [=processed=] | ||
| nor the overarching [=means=] through which the [=purpose=] is carried out; | ||
| * has no independent right to use the data other than in a [=de-identified=] form (e.g., for | ||
| monitoring service integrity, load balancing, capacity planning, or billing); and, | ||
| * has a contract in place with the [=actor=] which is consistent with the above limitations. | ||
| * has a contract in place with the [=data controller=] which is consistent with the above limitations. |
| The <dfn>Vegas Rule</dfn> is a simple implementation of privacy in which "<i>what happens with the | ||
| [=first party=] stays with the [=first party=]</i>." Put differently, the [=Vegas Rule=] is followed | ||
| when the [=first party=] is the only [=data controller=]. While the [=Vegas Rule=] is a good | ||
| guideline, it's neither necessary nor sufficient for [=appropriate=] [=data processing=]. A [=first | ||
| party=] that maintains exclusive access to a person's data can still [=process=] it | ||
| [=inappropriately=], and there are cases where a third party can learn information about a person | ||
| but still treat it [=appropriately=]. | ||
|
|
There was a problem hiding this comment.
Can we not revisit decisions we've discussed and made? See:
There was a problem hiding this comment.
We re-discussed this today and decided to keep the Vegas Rule out.
index.html
Outdated
| ## Acting on Data {#acting-on-data} | ||
|
|
||
| We define <dfn data-lt="data">personal data</dfn> as any information that is directly or | ||
| indirectly related to an identified or identifiable [=person=], such as by reference to an | ||
| [=identifier=] ([[GDPR]], [[OECD-Guidelines]], [[Convention-108]]). | ||
| [=identifier=]. (This matches the [[[GDPR]]], the [[[OECD-Guidelines]]], and the [[[Convention-108]]].) |
There was a problem hiding this comment.
I worry about "this matches" as that is expressing a legal opinion. Referencing documents that define PD is helpful as it allows folks to explore the space further if they need to, but claiming that our definition matches the exact sense used by three distinct legal documents really worries me.
There was a problem hiding this comment.
I've un-done this change.
jyasskin
dismissed
darobin’s stale review
We agreed in https://github.com/w3ctag/privacy-principles/blob/main/meetings/2023-11-29-minutes.md#369-copy-edit-the-common-concepts-section-except-for-the-recognition-sub-section that my changes after the meeting would be good enough to land this, but I'll still wait for someone to approve to confirm that my changes were the ones we agreed on.
Co-authored-by: Wendy Seltzer <[email protected]>
jyasskin
force-pushed
the
copy-edit-common-concepts
branch
from
12e4079
to
950bcf8
Compare
Fixes #317, because I think we've already done a pass over Recognition.
Preview | Diff