On 10.09.2013, at 20:23 , ianG <i...@iang.org> wrote:
> On 11/09/13 03:27 AM, Daniel Veditz wrote:
>> "private" means we can't even /look/ at it, rather than merely can't
>> store it?
> 
> The data regime might be simply put as this:  you can't store a number 
> suitable for tracking (or any derivative of it if that simply creates a new 
> tracking number) unless you have a compelling business reason, and you have 
> agreement.
> 
> The EU data protection regime makes a very strong distinction about any 
> private tracking information.  It also goes to another level if you share 
> that information with anyone.
> 
> The initial simple answer is, don't go there.  (I have no idea how google 
> finessed this issue, or even if they didn't.)

Most of this is very much a gray area. The data privacy officers / protection 
agencies have generally recognized that location services based on wifi 
networks are a very useful service, and in order to practically run them, you 
have to be able to collect wifi BSSIDs without getting the individual assent 
of every wifi AP operator.

But at the same time they consider the combination of a bssid, timestamp and 
geolocation as personally identifiable information suitable for tracking. Much 
like IP addresses, or phone numbers.

So currently there's an unspoken agreement where industry players like Google, 
Microsoft and Apple have voluntarily put some restrictions into place. One of 
those is the introduction of the _nomap network name suffix, which was deemed 
an effective way for wifi operators to opt-out of the data gathering (see for 
example 
http://www.dutchdpa.nl/Pages/en_pb_20120405_google-complies-with-Dutch-DPA-requirements.aspx).

Another case is the introduction of the "you need to know two nearby wifis" 
protection for geolocating yourself. This was a measure suggested and implemented 
first by Google based on media outcries and has now become an industry 
best-practice. But it's not actually mandated by any official regulation to my 
knowledge.

For now the whole space hasn't seen official tight regulation and the industry 
players are allowed to continue to operate. But it's a fine balance and any new 
media outcries or questionable behavior can threaten this balance.

So for us this means trying to adhere to existing industry best practices and 
generally following data privacy best practices like: only gather and store 
what you need, delete data as soon as you don't need it anymore, etc.

All of this applies to the hosted service use-case, where we keep the data 
internal and don't share or sell it for other purposes. Since it's all 
unofficial agreements, it's very hard to impossible to know exactly what we 
should do for the "we want to publicly share this data" use-case.

Hanno
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
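The two voluntary practices Hanno describes (honouring the `_nomap` SSID suffix as an opt-out, and refusing to geolocate unless at least two access points are visible) plus the "store only what you need, delete it when you don't" rule can be expressed as a small submission filter. The following is an added example, not code from the thread or from any Mozilla project; the record layout, function names, the 30-day retention window and the sample scan are all assumptions.

```python
"""Privacy filter for wifi-based geolocation submissions (added example).

Implements, as a defender-side control:
  * the "_nomap" SSID suffix opt-out,
  * the "at least two nearby access points" threshold, and
  * data minimisation and retention pruning.
Names, record layout and retention period are assumptions, not an
existing service's API.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

NOMAP_SUFFIX = "_nomap"
MIN_ACCESS_POINTS = 2            # "you need to know two nearby wifis"
RETENTION = timedelta(days=30)   # assumed retention window


@dataclass(frozen=True)
class APObservation:
    """One access point as seen in a client's scan."""
    bssid: str
    ssid: str
    signal_dbm: int


@dataclass(frozen=True)
class StoredObservation:
    """Minimised record: no SSID, no signal strength are retained."""
    bssid: str
    observed_at: datetime
    lat: float
    lon: float


def normalize_bssid(bssid: str) -> str:
    """Canonical lower-case, colon-separated form so duplicates collapse."""
    return bssid.strip().lower().replace("-", ":")


def is_opted_out(ssid: str) -> bool:
    """Case-insensitive suffix match: errs toward honouring the opt-out."""
    return ssid.rstrip().lower().endswith(NOMAP_SUFFIX)


def filter_scan(scan: List[APObservation]) -> List[APObservation]:
    """Drop opted-out APs and collapse duplicate BSSIDs (keep strongest)."""
    best: Dict[str, APObservation] = {}
    for ap in scan:
        if is_opted_out(ap.ssid):
            continue
        key = normalize_bssid(ap.bssid)
        if key not in best or ap.signal_dbm > best[key].signal_dbm:
            best[key] = APObservation(key, ap.ssid, ap.signal_dbm)
    return list(best.values())


def may_geolocate(scan: List[APObservation]) -> bool:
    """A single visible AP is not enough to answer a lookup."""
    return len(filter_scan(scan)) >= MIN_ACCESS_POINTS


def prepare_for_storage(scan: List[APObservation], when: datetime,
                        lat: float, lon: float) -> Optional[List[StoredObservation]]:
    """Minimised records for a scan, or None if the scan must be rejected."""
    usable = filter_scan(scan)
    if len(usable) < MIN_ACCESS_POINTS:
        return None
    return [StoredObservation(ap.bssid, when, lat, lon) for ap in usable]


def prune_expired(records: List[StoredObservation],
                  now: datetime) -> List[StoredObservation]:
    """Delete observations older than the retention window."""
    cutoff = now - RETENTION
    return [r for r in records if r.observed_at >= cutoff]


# Constructed sample scan: one AP seen twice in different BSSID formats,
# one opted-out network, one ordinary network.
SAMPLE_SCAN = [
    APObservation("AA:BB:CC:DD:EE:01", "CoffeeShop", -50),
    APObservation("aa-bb-cc-dd-ee-01", "CoffeeShop", -60),
    APObservation("AA:BB:CC:DD:EE:02", "HomeNet_nomap", -45),
    APObservation("AA:BB:CC:DD:EE:03", "Office", -70),
]


def demo() -> Dict[str, int]:
    """Run the filter and retention logic over constructed data."""
    now = datetime(2013, 9, 11, tzinfo=timezone.utc)
    stored = prepare_for_storage(SAMPLE_SCAN, now, 52.37, 4.89) or []
    old = StoredObservation("aa:bb:cc:dd:ee:03", now - timedelta(days=40), 52.37, 4.89)
    return {
        "usable_aps": len(filter_scan(SAMPLE_SCAN)),
        "stored_records": len(stored),
        "retained_after_prune": len(prune_expired(stored + [old], now)),
    }


if __name__ == "__main__":
    print(demo())
```

The opt-out check is applied before the threshold, so an opted-out AP never helps satisfy the two-AP rule either; and because the stored record drops SSID and signal strength, the retained data is the minimum the lookup service needs, which is the "only store what you need" point in the message.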
