Re: Data tf postponed

[re-adding list with Armin's consent... also using html mail to
preserve your formatting]
Thanks Armin, some responses in-line. I'll work on a more cohesive
writeup on the other things I would like to represent in a policy
language to share with the rest of the group later.
On Mon, 2019-01-28 at 14:02 +0100, Armin Gerl wrote:
>     Hello Ted,
> 
>     unfortunately I cannot join today's talk due to another meeting.
> 
>     But I would like to give some comments on the Data Contract
>     Draft, especially the privacy points:
> 
>         Consideration needs to be made for what data can be used in
>         conjunction to ‘fingerprint’ drivers, such things as driving
>         patterns, brake frequency, jitteriness of the wheel etc.
> 
>     For this point I think it would be a good practice to classify
>     the data into "privacy groups" and publish them as a
>     recommendation. Privacy groups can be "explicit identifier",
>     which can uniquely identify a person; "quasi identifier", which
>     in combination with other quasi identifiers can identify a
>     person, e.g. postal code and date of birth; "sensitive
>     attributes", which are important information but should not be
>     linked to a person, e.g. a disease; "non-sensitive attribute",
>     which are none of the above. I assume that most data in the
>     mobility domain will classify as "quasi identifier" as they
>     might reflect the person's behaviour and therefore could
>     identify the person.

Privacy groups can be useful as you describe; it might also be
beneficial to categorize groups of signals based on privacy
sensitivity.
I think part of the point Harjot was trying to make, as I have heard
Glenn express it too, is that clever researchers may at some later date
think of ways to potentially fingerprint a driver or vehicle based on
data we initially think of as innocuous. To the extent we can mark
signals or collections of signals as having the potential to identify a
person based on their behavior, it would be good to identify them so
policies can be written with that concern in mind. As fingerprinting
techniques evolve, policies should be reviewed.
> 
>         Transfer of individual user/driver preferences between
>         vehicles
>         Different processing for vehicles in use during designated
>         work windows vs personal time
>         Capturing consent, will this be done via phone/vehicle
>         connection? Perhaps something similar to what companies like
>         Irdeto have done
> 
>     I think those 3 points require an underlying decision on how to
>     identify a driver (and therefore their profile) within a
>     vehicle. This could be a smartphone or another "token" that can
>     be stored on a device like an encrypted NFC chip. Maybe it is
>     even possible to match the car key to a profile? For capturing
>     the consent a phone/vehicle connection might be appropriate, but
>     special cases should be considered, e.g. areas with no mobile
>     internet connection or drivers that do not have (for whatever
>     reason) a smartphone. So suitable alternatives should be
>     considered.

Profile is a very important piece. We need something definitive to
assert who gave permission, and for that identification to have some
persistence across restarts of the car; it would also be useful to have
it available across different vehicles, retrieved from the cloud as
needed. We know several OEMs are working on profiles, although none have
shared with the group, much less offered a representation for
standardizing. We have been talking with Uber about a couple of things,
including possible interest in bringing their profile ontology to us
for consideration.
> 
>         Anonymization/Aggregation of data - what would be considered
>         a minimum sample size for aggregate data before being made
>         available to 3rd parties
> 
>     This strongly depends on the sensitivity of the data. A general
>     answer cannot be given, but the specific use cases have to be
>     specified and analysed. There are a lot of anonymization methods
>     (and privacy models) out there that cover specific privacy
>     problems.
> 
>     Best,
>     Armin
> 
>     On 24.01.2019 at 08:05, Ted Guild wrote:
> 
> >     Rescheduled for Monday 10 EST 16 CET for those who can make it.
> > 
> >     Primary topic is to continue data contract conversation and
> >     frame particular asks to Auto WG on Tuesday
> > 
> >     -- 
> >     Ted Guild <ted@w3.org>
> >     https://www.w3.org
> 
-- 
Ted Guild <ted@w3.org>
W3C Automotive Lead
http://www.w3.org

Received on Monday, 28 January 2019 20:23:00 UTC
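As an added example (not part of this thread, the draft Data Contract, or any W3C group deliverable), the following Python sketch shows how the two technical points raised above could be mechanised in a policy check: tagging signals with Armin's privacy groups (explicit identifier, quasi identifier, sensitive attribute, non-sensitive), treating behavioural signals such as brake frequency as quasi-identifiers because they may fingerprint a driver, and gating releases to third parties on a minimum equivalence-class size (k-anonymity) rather than a raw row count. The signal names, their classification, the sample records and the k threshold are all assumptions made for illustration, not a published recommendation.

```python
"""Privacy-group tagging of vehicle signals and a k-anonymity gate for
aggregate releases. Added example for the thread above; signal names,
their classification, the sample records and the k threshold are
assumptions, not a recommendation from the group."""
from collections import Counter
from enum import Enum


class PrivacyGroup(Enum):
    EXPLICIT_IDENTIFIER = "explicit identifier"   # uniquely identifies a person
    QUASI_IDENTIFIER = "quasi identifier"         # identifying in combination
    SENSITIVE_ATTRIBUTE = "sensitive attribute"   # must not be linked to a person
    NON_SENSITIVE = "non-sensitive attribute"     # none of the above


# Assumed classification of a handful of signals (illustrative only).
# Behavioural signals are tagged as quasi-identifiers because driving
# style may fingerprint a driver even if each signal looks innocuous.
SIGNAL_GROUPS = {
    "vin": PrivacyGroup.EXPLICIT_IDENTIFIER,
    "driver_profile_id": PrivacyGroup.EXPLICIT_IDENTIFIER,
    "postal_code": PrivacyGroup.QUASI_IDENTIFIER,
    "brake_frequency": PrivacyGroup.QUASI_IDENTIFIER,
    "steering_jitter": PrivacyGroup.QUASI_IDENTIFIER,
    "health_condition": PrivacyGroup.SENSITIVE_ATTRIBUTE,
    "cabin_temperature": PrivacyGroup.NON_SENSITIVE,
}


def classify(signal):
    """Unknown signals default to quasi-identifier: the conservative
    choice until a reviewer decides, since later research may find a
    fingerprinting use for data that looks harmless today."""
    return SIGNAL_GROUPS.get(signal, PrivacyGroup.QUASI_IDENTIFIER)


def k_anonymity(records, quasi_columns):
    """Size of the smallest equivalence class over the quasi-identifier
    columns. A release is k-anonymous iff this value is >= k. With no
    quasi-identifiers every record is indistinguishable, so k is the
    row count; with no records there is nothing to protect (0)."""
    if not records:
        return 0
    if not quasi_columns:
        return len(records)
    classes = Counter(tuple(r[c] for c in quasi_columns) for r in records)
    return min(classes.values())


def check_release(signals, records, recipient_is_third_party, k_min=5):
    """Return (allowed, reasons). Every violated rule is reported so the
    requester can fix all of them at once rather than one per round."""
    groups = {s: classify(s) for s in signals}
    explicit = [s for s, g in groups.items() if g is PrivacyGroup.EXPLICIT_IDENTIFIER]
    quasi = [s for s, g in groups.items() if g is PrivacyGroup.QUASI_IDENTIFIER]
    sensitive = [s for s, g in groups.items() if g is PrivacyGroup.SENSITIVE_ATTRIBUTE]
    reasons = []

    # Rule 1: explicit identifiers never leave the data owner.
    if recipient_is_third_party and explicit:
        reasons.append(f"explicit identifiers {explicit} may not go to a third party")
    # Rule 2: sensitive attributes must not be linked to a named person.
    if sensitive and explicit:
        reasons.append(f"sensitive {sensitive} released alongside {explicit}")
    # Rule 3: quasi-identifier combinations go out only in aggregate form
    # that meets the k threshold; a bare row count is not enough because
    # one rare combination still singles out a driver.
    if recipient_is_third_party and quasi:
        k = k_anonymity(records, quasi)
        if k < k_min:
            reasons.append(f"quasi-identifier set {quasi} has k={k} < {k_min}")
    return (not reasons, reasons)


def _rec(vin, brake, jitter):
    # Constructed sample record, not real telemetry.
    return {"vin": vin, "driver_profile_id": "p-" + vin, "postal_code": "94110",
            "brake_frequency": brake, "steering_jitter": jitter,
            "health_condition": "none", "cabin_temperature": 21}


# Constructed sample: same postal code, two brake buckets of three rows,
# and one driver whose steering jitter is unique within its bucket.
SAMPLE_RECORDS = [
    _rec("VIN0001", "high", "low"), _rec("VIN0002", "high", "low"),
    _rec("VIN0003", "high", "high"),
    _rec("VIN0004", "low", "low"), _rec("VIN0005", "low", "low"),
    _rec("VIN0006", "low", "low"),
]


if __name__ == "__main__":
    for cols in (["postal_code"], ["postal_code", "brake_frequency"],
                 ["postal_code", "brake_frequency", "steering_jitter"]):
        print(cols, "k =", k_anonymity(SAMPLE_RECORDS, cols))
    print(check_release(["postal_code", "brake_frequency"], SAMPLE_RECORDS, True, k_min=3))
    print(check_release(["postal_code", "brake_frequency", "steering_jitter"],
                        SAMPLE_RECORDS, True, k_min=3))
    print(check_release(["vin", "health_condition"], SAMPLE_RECORDS, False))
```

The point the sample makes is the one in the draft's open question: six rows is a "sample size" of six, yet adding the third quasi-identifier drops k to 1 and the release is refused. A threshold on k (and, for sensitive attributes, a check that each equivalence class is not homogeneous, which this sketch does not implement) is what a policy language would need to express, with the threshold reviewed as fingerprinting techniques evolve.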