Re: Personal data categories in the online context from Harshvardhan J. Pandit on 2020-06-30 (public-dpvcg@w3.org from June 2020)

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Tue, 30 Jun 2020 15:14:37 +0100
To: Georg Philip Krog <georg@signatu.com>, Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
Cc: Torgeir Hovden <torgeir@signatu.com>, Jon Stephansen <jon@signatu.com>
Message-ID: <601660f2-2608-6131-a890-7eae730e1a6e@harshp.com>
Hello.
Thanks for suggesting the personal data categories.

Could you please indicate the closes matching concept within the DPV 
taxonomy (where it exists) so we can work on discussing them?

IMO a lot of these categories are subjective and arbitrary (remember 
there can be an infinite number of personal data categories). So it is 
important for DPV to provide a broad taxonomy capable of specifying most 
of these in abstract terms. Adopters would then utilise specifics.

For e.g. request-target, actions, site speed is IMHO quite obtuse in 
terms of being personal data.

Additionally, some categories already exist in DPV e.g. IP address 
already exists.

Thanks,
Harsh

On 23/06/2020 10:21, Georg Philip Krog wrote:
> Dear DPV folks,
> 
> Signatu contributes to the DPV with some personal data categories (in 
> the table below) that the 3rd parties in Signatu 3rd party registry 
> collect and process when they load remote resources on websites to track 
> end users.
> 
> Some of these categories overlap with those in the existing DPV.
> 
> Data Short description Detailed description Source
> HTTP request to the server User’s request (HTTP) message HTTP messages 
> are how data is exchanged between a server and a client. There are two 
> types of messages: requests sent by the client to trigger an action on 
> the server, and responses, the answer from the server. HTTP messages are 
> composed of textual information encoded, and span over multiple lines. 
> HTTP messages are automatically written by software, a Web browser, 
> proxy, or Web server. 
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages
>  user-agent a software that is acting on behalf of a user, such as a web 
> browser that retrieves, renders and facilitates end user interaction 
> with web content. https://en.wikipedia.org/wiki/User_agent
>  user-agent string a string that lets servers and network peers identify 
> the application, operating system, vendor, and/or version of the 
> requesting user agent. In HTTP protocols, this identification is 
> transmitted in a header field User-Agent. In HTTP, the User-Agent string 
> is often used for content negotiation, where the origin server selects 
> suitable content or operating parameters for the response. For example, 
> the User-Agent string might be used by a web server to choose variants 
> based on the known capabilities of a particular version of client 
> software. The concept of content tailoring is built for the sake of 
> tailoring responses to avoid particular user agent limitations. 
> https://en.wikipedia.org/wiki/User_agent#User_agent_identification) 
> (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent)
>  request-target a request message is sent with a request-target (derived 
> from the target URI) that requests a resource from the server. 
>  the date and time at which the request originated  
>  IP address a numerical label assigned to each device connected to a 
> computer network that uses the Internet Protocol for communication. An 
> IP address serves two main functions: host or network interface 
> identification and location addressing .An IP address serves two 
> principal functions. It identifies the host, or more specifically its 
> network interface, and it provides the location of the host in the 
> network, and thus the capability of establishing a path to that host. 
> Its role has been characterized as follows: "A name indicates what we 
> seek. An address indicates where it is. A route indicates how to get 
> there The header of each IP packet contains the IP address of the 
> sending host, and that of the destination host. 
> https://en.wikipedia.org/wiki/IP_address
>  from where users arrive by location, referral, direct, organic search, 
> social, campaigns. 
>  an HTTP cookie (if it previously was sent by the server with 
> Set-Cookie) An HTTP cookie (web cookie, browser cookie) is a small piece 
> of data that a server sends to the user's web browser. The browser may 
> store it and send it back with the next request to the same server. 
> Typically, it's used to tell if two requests came from the same browser 
> — keeping a user logged-in, for example. It remembers stateful 
> information for the stateless HTTP protocol. 
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
> Set-Cookie The Set-Cookie HTTP response header is used to send cookies 
> from the server to the user agent, so the user agent can send them back 
> to the server later.  
> (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
> actions on the website session, session duration, pageviews, content 
> view, navigation, site search, site search terms and pages, events, 
> events flow, landing pages, exit pages.  
> unique device identifier (UDID) specific to a user’s mobile device a 
> distinctive number associated with a smartphone or similar handheld 
> device. Device IDs are separate from hardware serial numbers. Every 
> Apple iPhone, iPod touch and iPad has a unique device ID number 
> associated with it, known as a Unique Device ID (UDID).  
> site speed the time it takes for webpages to be generated by the 
> webserver and then viewed by the user.  
> demographics age, gender, household income, parental status.  
> interests interests linked to interest categories based on for example: 
> page visit history, search history, video watching, data on qualified 
> passion in a given topic, life events, data on who wants what in the 
> market, ad clicks.  
> email address   
> phone number   
> unique user id   
> consent events consent actions that consist of consent, consent refusal, 
> consent withdrawal, no-consent action.  
> terminal equipment end instrument that converts user information into 
> signals for transmission or reconverts the received signals into user 
> information.  https://en.wikipedia.org/wiki/Terminal_equipment
> name   
> address   
> phone number   
> email address   
> communication content Answers, opinions and ratings entered in forms by 
> (1) clicks on checkboxes or radio buttons, (2) text in text fields, (3) 
> drop-down list, (4)
> a file select control for uploading a file
>   
> payment card number   
> payment card expiry date   
> customer’s orders and subscriptions (such as order history, information 
> on subscriptions, incidents and complaints)   
> billing history   
> browser plugins A software component that adds a specific feature to an 
> existing computer program, such as PDF, Flash, Java.   
> https://en.wikipedia.org/wiki/Plug-in_(computing)
> operating system An operating system (OS) is system software that 
> manages computer hardware, software resources, and provides common 
> services for computer programs.  
> https://en.wikipedia.org/wiki/Operating_system
> textual search query   
> username   
> password   
> last login   
> aggregated data about tag firing   
> 
> 
> Best regards,
> -- 
> Georg Philip Krog
> 
> signatu <https://signatu.com>

-- 
---
Harshvardhan Pandit, Ph.D
Researcher at ADAPT Centre, Trinity College Dublin
https://harshp.com/research/
Received on Tuesday, 30 June 2020 14:14:54 UTC