Re: Purpose categories in the online context

Hi Georg, Everyone.
Thank you for suggesting the purpose categories.

There are two things within the email that I want to separate in terms 
of context here: purpose and purpose category.
My interpretation of this is that the category is a top-level abstract 
concept and the purpose is a more specific iteration of it.

1) Network Communication
- I honestly do not understand this in terms of 'purpose', but from what 
little I can grasp - it concerns network connectivity? Someone better 
informed about this should identify how this fits with the DPV taxonomies.
- As an additional note on the email: We do not quantify within the 
DPVCG (yet) about the legal bases required for certain purposes. 
Therefore, I have ignored aspects of legal bases e.g. requires consent
- This raises an interesting body of work: should the DPV provide a way 
to associate legal bases for specific purposes or processing items or 
personal data categories (or combinations thereof). From my pov - this 
is specifying policies and interpretations of laws. So if there is 
interest - we should note it as an use-case and work on best supporting 
it in terms of providing necessary vocabulary.

2) Essential functionality
- This is again completely subjective given that essentiality changes 
with context. I also do not understand this as a purpose category.
- In line with the earlier point - should DPV provide a way to indicate 
a purpose is 'essential', or to put it in more legal terms - specify a 
purpose as based on a certain legal basis such as legitimate interest or 
legal obligation to indicate it is not optional.

3) Analytics
- This is tricky for me to clarify. DPV does not have 'analytics' as a 
purpose because (if I remember the workshop discussions correctly) we 
decided that whatever the analytics is being used for is the actual 
purpose e.g. personalisation, optimisation.
- So within this context, how to indicate analytics as a (sub-)purpose 
associated with a larger purpose? Is 'analytics' possible to be 
expressed as a combination of analytics (processing) for personalisation 

4) Advertising
- DPV does not contain 'advertising' as a purpose category (again some 
discussion happened at the workshop)
- DPV does contain personalised products, recommendations, benefits. So 
where does 'advertising' fit in to these?
- To me, when 'advertising' is a purpose it means 'personalised 
advertising' -> which should be a subset of personalised 
recommendations? Is there some weird cross with Marketing here?

5) Cloud infrastructure and traffic distribution
- I don't understand this as a 'purpose' - same issue as (1) network
- Seems to me that this is relevant to 'Service Provision' that is 
present in DPV?

6) Communication
- Where does this fit into the existing DPV taxonomy?
- We have customer care, is this the same?

7) Document consent
- alternative title for this should be 'record consent' which is IMHO 
more clear and consistent with common usage
- I would suppose this is a legal requirement, so as a purpose where 
does this fit? Service Provision?
- This also brings up the larger issue of what to call purposes that are 
there because they are legal obligations e.g. share data with the 

8) Content Management
- This falls under Service Provision IMO
- However, the definition notes that this applies also to 3rd party 
content including advertising - so I'm skittish about this because this 
makes the purpose not independent of advertising

9) Customer Management
- DPV has customer care - but the definition is different from Signatu's
- Customer Management here is defined in terms of registering 
prospective customers etc -> is this profiling? is this analytics?

10) E-commerce
- DPV has sell products to data subject

11) Marketing
- DPV does not have marketing, we have dpv:CreateProductRecommendations 
which meantions svpu:Marketing (SPECIAL) as a related term
- IMHO it should have marketing as a basic purpose category
- Note: Personalised Marketing is then a subset of Marketing

12) Optimisation
- DPV has optimisations for consumer, controller, optimisation of UI/UX

13) Payment
- DPV does not have payment
- IMHO it should have payment - but the title needs to better reflect 
its indication of transaction
- Fraud Prevention and Detection - which is mentioned in the description 
of payment in Signatu's description, is present in DPV
- This raises the issue of purpose dependencies - here fraud detection 
is a 'sub-purpose' of payment. How to specify this using the DPV?
- When done by subclassing both (payment + fraud detection), it is not 
clear which is 'primary' and 'secondary' in terms of application here.

14) Personalisation
- DPV provides personalisation for recommendations, benefits, and 
service personalisation
- Signatu's description mentions ads and user profiling which are 
different purposes (continuing from previous points on this)

15) Survey and Reviews
- Not sure how one would intepret this, but DPV has R&D as well as 
improvement of existing products
- IMHO provision of a survey is not a purpose into itself. It is what is 
being done with the survey data that is the purpose. So if it is 
understanding user requirements - then the purpose should be analytics 
or R&D (AFAIK)
- Other aspects mentioned in the description e.g. review, rate service, 
read other reviews - seem to me to be Service Provision

16) Search
- Service Provision?

17) Security
- DPV has Security as a purpose but the description only mentions data 
which IMO should be amended to a more generic description of security

18) Single Sign-on
- DPV has identity verification - so this would be a subset of that?
- Defining this purpose seems to imply using a third-party for identity 
verification purposes

19) Social Media
- Isn't this part of Marketing?

20) Tag management
- I don't know what this purpose means or how this relates to purposes 
in DPV

21) Registration and Authentication
- IMO this is covered with Identity Verification


On 23/06/2020 10:36, Georg Philip Krog wrote:
> Dear DPV folks,
> Signatu contributes to the DPV with some *purpose categories* (in the 
> table below).
> These are typical processing purposes of the 3rd parties (in Signatu 3rd 
> party registry) that load remote resources on websites to track end users.
> Some of these categories overlap with those in the existing DPV.
> Purpose category Tag vendorCategoriesDescription Purpose
> Network Communication signatu:network-communication Site sets cookies to 
> carry out the transmission of a communication over an electronic 
> communications network (to route information over a network by 
> identifying the communication ‘endpoints’, or to exchange data items in 
> their intended order, or to detect transmission errors or data loss) 
> Does not require consent. to transmit users’ communication to us and 
> from us back to users over an electronic communications network. If the 
> cookies are disabled, the requested functionality will not work.
> Essential Functionality signatu:service-provision A resource used on a 
> site that 1)the user takes a positive action to request the service with 
> a clearly defined perimeter, 2)is strictly needed to enable the service; 
> if the resources are disabled, the service will NOTwork. Does not 
> require consent. to deliver this service as requested by the user. If 
> the cookies are disabled, the requested functionality will not work.
> Non-essential Functionality signatu:service-functionality A resource 
> used on a site that 1)the user did NOTtake a positive action to request 
> the service with a clearly defined perimeter, 2)is NOTstrictly needed to 
> enable the service; if the resources are disabled, the service will 
> work. Requires consent. to deliver functionalities that the user did not 
> request or that are not strictly needed to enable the service. If the 
> cookies are disabled, the requested functionality may not work.
> Analytics signatu:analytics A platform that measures and reports user 
> interaction with a website.  to report user behaviour and events on this 
> service and traffic on pages.
> Advertising signatu:audience-targeting A provider of technology and data 
> to define a target audience of a target market for a particular 
> advertisement or message. to deliver to users personalised adds that we 
> predict users like to view based on users’ profile and previous browsing 
> behaviour.
> Cloud Infrastructure and Traffic Distribution signatu:cloud An 
> infrastructure of servers, software and network to support computing in 
> a cloud computing model. to distribute the content of this service, 
> analyze the data to optimize server performance, or to find and resolve 
> problems of our software that prevent its correct operation.
> Communication: email, phone, sms, chat, push messages 
> signatu:communication A technology that enables communication bewteeen 
> parties such as email, phone or chat between a website and its users. to 
> communicate with users via email, phone, sms, chat or push messages 
> regarding your requests.
> Document Consent signatu:compliance A technology that enables a website 
> or app to comply with the law, such as a Consent Management Platform 
> that records end users consent. to record users’ consent events, dates 
> and times of consents, user IDs or unique cookie IDs.
> Content Management signatu:content-management A platform to manage the 
> 1st and 3rd party content (including advertising) of a website. to 
> enable users to view, listen to and interact with content delivered on a 
> page of this service.
> Customer Management signatu:crm A platform that registers prospective, 
> existing and lost customers. to register prospective, existing and lost 
> customers to track sales.
> E-commerce signatu:e-commerce A platform that sells products and/or 
> services online. to offer and carry out sales of products and services 
> online.
> Marketing signatu:marketing-tool A technology that enables companies to 
> market their services and/or products. to register users’ phone number 
> and/or email on our marketing phone list and/or email list, and to phone 
> you, send you sms, send you email messages and/or web and mobile push 
> messages. These messages contain information about our products, 
> services, promotions. You can unsubscribe at any time.
> Optimisation signatu:optimisation A platform that enables websites, apps 
> etc to improve sales and users’ experience. to test and compare versions 
> of a page of this service to know which version that performs best, and 
> to identify and correct errors in our software.
> Payment signatu:payment A platform that transacts a payment. to process 
> users’ payment transactions, and send emails to users regarding users’ 
> payments, and to monitor, prevent and detect fraudulent payment 
> transactions.
> Personalisation signatu:personalisation A technology that enables the 
> creation of user profiles and showing users content or ads that are 
> tailored to the interests and preferences of the user. to deliver to 
> users content that we predict users like to see on this service.
> Surveys and Reviews signatu:reviews A platform that enables users to 
> review and rate a service and/or a product, and also to read other 
> users’ reviews. to collect users’ market research answers or enable 
> users to review and rate a service or a product or to read other users’ 
> reviews.
> Search signatu:search A web search engine that searches the World Wide 
> Web in a systematic way for particular information specified in a 
> textual web search query. to search for particular information specified 
> in users’ textual search query.
> Security signatu:security A technology that enables breach protection. 
> to find security flaws, monitor our software for compromise, contain 
> threats, and protect and secure our own and our users' environments.
> Single Sign On signatu:single-sign-on A technology that enables users to 
> use one set of login credentials (e.g., name and password) to access 
> multiple applications. SSO can be used by enterprises, smaller 
> organizations to sign up or log in to this service by using social media 
> authentication credentials.
> Social Media signatu:social A platform that enables users to interact, 
> communicate and share content with other users. to optimise the 
> advertisement and increase economic opportunity of this service by 
> making it visible on social media.
> Tag Management signatu:tag-management A technology used by websites to 
> more easily activate, deactivate and manage 3rd party technologies, and, 
> more recently, the data that they collect. to activate or deactivate the 
> technologies (tags, scripts etc) used on this service.
> Registration and Authentication signatu:verification A technology that 
> enables a website or an app to authenticate users and prevent fraud. to 
> register, authenticate and identify users to enable users to sign up or 
> log in to this service.
> Best regards,
> -- 
> Georg Philip Krog
> signatu <>

Harshvardhan Pandit, Ph.D
Researcher at ADAPT Centre, Trinity College Dublin

Received on Tuesday, 30 June 2020 13:40:52 UTC