fill out principle on safe but under user control #61

Open
wants to merge 2 commits into
base: main

npdoty (Collaborator) commented Jul 2, 2024

references to ancillary uses, controlled deidentified data and personal data from privacy principles
npdoty added the "Principles Document" label (This pertains to the Principles and is in an editorial mode.) Jul 2, 2024
thanks Martin

Co-authored-by: Martin Thomson <[email protected]>

npdoty (Collaborator, Author) commented Sep 27, 2024

Based on discussion at TPAC today, @csharrison or @michaelkleber are concerned that revealing personal data from a particular first-party is expected and acceptable. I'm still not clear on the implications of that, but comments on this PR or alternative language suggestions would be welcome.

michaelkleber (Collaborator) commented

The subsequent section "Measurement should not significantly enable cross-context recognition" already addresses the re-identification risk of the API.

Maybe the additional protection here is that an aggregate measurement API should not give a caller any new user-specific information? (Or that any new information needs appropriate DP protection?)

I think the point of the discussion at TPAC was that the API caller can surely already know some information, e.g. the URL of the page where they just called the API, and we want to avoid saying that the API needs to somehow hide that already-known information.

csharrison (Collaborator) commented

+1 to @michaelkleber. Maybe it would help to understand, @npdoty, what you were trying to achieve / protect against with this paragraph that isn't already covered, from the perspective of the API?
