- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Tue, 30 Jun 2020 14:40:33 +0100
- To: Georg Philip Krog <georg@signatu.com>, Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
- Cc: Jon Stephansen <jon@signatu.com>, Torgeir Hovden <torgeir@signatu.com>
Hi Georg, Everyone. Thank you for suggesting the purpose categories. There are two things within the email that I want to separate in terms of context here: purpose and purpose category. My interpretation of this is that the category is a top-level abstract concept and the purpose is a more specific iteration of it. 1) Network Communication - I honestly do not understand this in terms of 'purpose', but from what little I can grasp - it concerns network connectivity? Someone better informed about this should identify how this fits with the DPV taxonomies. - As an additional note on the email: We do not quantify within the DPVCG (yet) about the legal bases required for certain purposes. Therefore, I have ignored aspects of legal bases e.g. requires consent - This raises an interesting body of work: should the DPV provide a way to associate legal bases for specific purposes or processing items or personal data categories (or combinations thereof). From my pov - this is specifying policies and interpretations of laws. So if there is interest - we should note it as an use-case and work on best supporting it in terms of providing necessary vocabulary. 2) Essential functionality - This is again completely subjective given that essentiality changes with context. I also do not understand this as a purpose category. - In line with the earlier point - should DPV provide a way to indicate a purpose is 'essential', or to put it in more legal terms - specify a purpose as based on a certain legal basis such as legitimate interest or legal obligation to indicate it is not optional. 3) Analytics - This is tricky for me to clarify. DPV does not have 'analytics' as a purpose because (if I remember the workshop discussions correctly) we decided that whatever the analytics is being used for is the actual purpose e.g. personalisation, optimisation. - So within this context, how to indicate analytics as a (sub-)purpose associated with a larger purpose? Is 'analytics' possible to be expressed as a combination of analytics (processing) for personalisation (purpose) 4) Advertising - DPV does not contain 'advertising' as a purpose category (again some discussion happened at the workshop) - DPV does contain personalised products, recommendations, benefits. So where does 'advertising' fit in to these? - To me, when 'advertising' is a purpose it means 'personalised advertising' -> which should be a subset of personalised recommendations? Is there some weird cross with Marketing here? 5) Cloud infrastructure and traffic distribution - I don't understand this as a 'purpose' - same issue as (1) network - Seems to me that this is relevant to 'Service Provision' that is present in DPV? 6) Communication - Where does this fit into the existing DPV taxonomy? - We have customer care, is this the same? 7) Document consent - alternative title for this should be 'record consent' which is IMHO more clear and consistent with common usage - I would suppose this is a legal requirement, so as a purpose where does this fit? Service Provision? - This also brings up the larger issue of what to call purposes that are there because they are legal obligations e.g. share data with the authorities 8) Content Management - This falls under Service Provision IMO - However, the definition notes that this applies also to 3rd party content including advertising - so I'm skittish about this because this makes the purpose not independent of advertising 9) Customer Management - DPV has customer care - but the definition is different from Signatu's - Customer Management here is defined in terms of registering prospective customers etc -> is this profiling? is this analytics? 10) E-commerce - DPV has sell products to data subject 11) Marketing - DPV does not have marketing, we have dpv:CreateProductRecommendations which meantions svpu:Marketing (SPECIAL) as a related term - IMHO it should have marketing as a basic purpose category - Note: Personalised Marketing is then a subset of Marketing 12) Optimisation - DPV has optimisations for consumer, controller, optimisation of UI/UX 13) Payment - DPV does not have payment - IMHO it should have payment - but the title needs to better reflect its indication of transaction - Fraud Prevention and Detection - which is mentioned in the description of payment in Signatu's description, is present in DPV - This raises the issue of purpose dependencies - here fraud detection is a 'sub-purpose' of payment. How to specify this using the DPV? - When done by subclassing both (payment + fraud detection), it is not clear which is 'primary' and 'secondary' in terms of application here. 14) Personalisation - DPV provides personalisation for recommendations, benefits, and service personalisation - Signatu's description mentions ads and user profiling which are different purposes (continuing from previous points on this) 15) Survey and Reviews - Not sure how one would intepret this, but DPV has R&D as well as improvement of existing products - IMHO provision of a survey is not a purpose into itself. It is what is being done with the survey data that is the purpose. So if it is understanding user requirements - then the purpose should be analytics or R&D (AFAIK) - Other aspects mentioned in the description e.g. review, rate service, read other reviews - seem to me to be Service Provision 16) Search - Service Provision? 17) Security - DPV has Security as a purpose but the description only mentions data which IMO should be amended to a more generic description of security 18) Single Sign-on - DPV has identity verification - so this would be a subset of that? - Defining this purpose seems to imply using a third-party for identity verification purposes 19) Social Media - Isn't this part of Marketing? 20) Tag management - I don't know what this purpose means or how this relates to purposes in DPV 21) Registration and Authentication - IMO this is covered with Identity Verification Regards, Harsh On 23/06/2020 10:36, Georg Philip Krog wrote: > Dear DPV folks, > > Signatu contributes to the DPV with some *purpose categories* (in the > table below). > These are typical processing purposes of the 3rd parties (in Signatu 3rd > party registry) that load remote resources on websites to track end users. > > Some of these categories overlap with those in the existing DPV. > > Purpose category Tag vendorCategoriesDescription Purpose > Network Communication signatu:network-communication Site sets cookies to > carry out the transmission of a communication over an electronic > communications network (to route information over a network by > identifying the communication ‘endpoints’, or to exchange data items in > their intended order, or to detect transmission errors or data loss) > Does not require consent. to transmit users’ communication to us and > from us back to users over an electronic communications network. If the > cookies are disabled, the requested functionality will not work. > Essential Functionality signatu:service-provision A resource used on a > site that 1)the user takes a positive action to request the service with > a clearly defined perimeter, 2)is strictly needed to enable the service; > if the resources are disabled, the service will NOTwork. Does not > require consent. to deliver this service as requested by the user. If > the cookies are disabled, the requested functionality will not work. > Non-essential Functionality signatu:service-functionality A resource > used on a site that 1)the user did NOTtake a positive action to request > the service with a clearly defined perimeter, 2)is NOTstrictly needed to > enable the service; if the resources are disabled, the service will > work. Requires consent. to deliver functionalities that the user did not > request or that are not strictly needed to enable the service. If the > cookies are disabled, the requested functionality may not work. > Analytics signatu:analytics A platform that measures and reports user > interaction with a website. to report user behaviour and events on this > service and traffic on pages. > Advertising signatu:audience-targeting A provider of technology and data > to define a target audience of a target market for a particular > advertisement or message. to deliver to users personalised adds that we > predict users like to view based on users’ profile and previous browsing > behaviour. > Cloud Infrastructure and Traffic Distribution signatu:cloud An > infrastructure of servers, software and network to support computing in > a cloud computing model. to distribute the content of this service, > analyze the data to optimize server performance, or to find and resolve > problems of our software that prevent its correct operation. > Communication: email, phone, sms, chat, push messages > signatu:communication A technology that enables communication bewteeen > parties such as email, phone or chat between a website and its users. to > communicate with users via email, phone, sms, chat or push messages > regarding your requests. > Document Consent signatu:compliance A technology that enables a website > or app to comply with the law, such as a Consent Management Platform > that records end users consent. to record users’ consent events, dates > and times of consents, user IDs or unique cookie IDs. > Content Management signatu:content-management A platform to manage the > 1st and 3rd party content (including advertising) of a website. to > enable users to view, listen to and interact with content delivered on a > page of this service. > Customer Management signatu:crm A platform that registers prospective, > existing and lost customers. to register prospective, existing and lost > customers to track sales. > E-commerce signatu:e-commerce A platform that sells products and/or > services online. to offer and carry out sales of products and services > online. > Marketing signatu:marketing-tool A technology that enables companies to > market their services and/or products. to register users’ phone number > and/or email on our marketing phone list and/or email list, and to phone > you, send you sms, send you email messages and/or web and mobile push > messages. These messages contain information about our products, > services, promotions. You can unsubscribe at any time. > Optimisation signatu:optimisation A platform that enables websites, apps > etc to improve sales and users’ experience. to test and compare versions > of a page of this service to know which version that performs best, and > to identify and correct errors in our software. > Payment signatu:payment A platform that transacts a payment. to process > users’ payment transactions, and send emails to users regarding users’ > payments, and to monitor, prevent and detect fraudulent payment > transactions. > Personalisation signatu:personalisation A technology that enables the > creation of user profiles and showing users content or ads that are > tailored to the interests and preferences of the user. to deliver to > users content that we predict users like to see on this service. > Surveys and Reviews signatu:reviews A platform that enables users to > review and rate a service and/or a product, and also to read other > users’ reviews. to collect users’ market research answers or enable > users to review and rate a service or a product or to read other users’ > reviews. > Search signatu:search A web search engine that searches the World Wide > Web in a systematic way for particular information specified in a > textual web search query. to search for particular information specified > in users’ textual search query. > Security signatu:security A technology that enables breach protection. > to find security flaws, monitor our software for compromise, contain > threats, and protect and secure our own and our users' environments. > Single Sign On signatu:single-sign-on A technology that enables users to > use one set of login credentials (e.g., name and password) to access > multiple applications. SSO can be used by enterprises, smaller > organizations to sign up or log in to this service by using social media > authentication credentials. > Social Media signatu:social A platform that enables users to interact, > communicate and share content with other users. to optimise the > advertisement and increase economic opportunity of this service by > making it visible on social media. > Tag Management signatu:tag-management A technology used by websites to > more easily activate, deactivate and manage 3rd party technologies, and, > more recently, the data that they collect. to activate or deactivate the > technologies (tags, scripts etc) used on this service. > Registration and Authentication signatu:verification A technology that > enables a website or an app to authenticate users and prevent fraud. to > register, authenticate and identify users to enable users to sign up or > log in to this service. > > > Best regards, > > -- > Georg Philip Krog > > signatu <https://signatu.com> -- --- Harshvardhan Pandit, Ph.D Researcher at ADAPT Centre, Trinity College Dublin https://harshp.com/research/
Received on Tuesday, 30 June 2020 13:40:52 UTC