- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Sat, 28 May 2022 12:57:08 +0100
- To: public-dpvcg@w3.org
- Message-ID: <dd0a0ea9-9dc7-fd35-608b-096ab18595f7@harshp.com>
Hello.
This is a rather long email, so tldr - extension providing concepts
related to technologies in relation with data, operations (processes),
security, provision, actors, and communication. Motivation and reasoning
for why this is needed, and how this is different from tech/org measures
is included. Also attached is a CSV with the concepts.
These relate to discussions taken place in the past few meetings, and
this email represents the progress to date.
------------------------------------------
#1 Motivation
------------------------------------------
Currently in DPV we have `dpv:Technology` and `dpv:hasTechnology` for
indicating how technologies are used i.e. how is something implemented
or executed. This is distinct from other concepts which only model the
_conceptual expression_ rather than the practical implementation of how
it is achieved i.e. the technology.
For example, processing concept dpv:Collect has implementation
technology 'Camera' or 'Form on a website', where these are distinct
from the _location_ in the semantic sense i.e. 'on device' or 'url of
website'. Similarly, a 'technical and organisational measure' represents
a _conceptual notation_ for expressing something in the abstract. For
example, 'Encryption' as a broad category of data transformations
providing security, which can be implemented using a specific filesystem
or software - i.e. the implementation technology.
In cases where the broad concept is not sufficient and must be further
described in terms of how it is implemented, the technology extention
will provide concepts for such descriptions. This is useful to describe
practical aspects of data processing, such as tools and software, and
also the roles of actors involved. For example, to describe processing
takes place on servers utilising the AWS service, there needs to be a
distinction between what category of processing from the underlying
implementations. This is important since in theory the same processing
will continue while the providers change.
Though these relations are all lumped as Data Processors within GDPR
(and sometimes as Joint Controllers depending on context), these 'roles'
regarding technologies are important for future reglations i.e. DSA,
DGA, AI Act, and so on. Therefore, this proposal also tries to be
forward looking.
-------------------------
#2 Top concepts
-------------------------
The top concepts for 'Technology' are as below. They relate to
technologies that relate to (i) Data - this is generalised from personal
data so as to not restrict the definition and permit reuse in other
contexts; (ii) Operational - this relates to operations or processes -
however the term operational is preferred so as to not confuse "process"
here with "processing"; (iii) Security - this relates to any kind of
security rather than just that of data; (iv) Management - similar to
security this relates to any kind of management; (v) ID -
identification, identity, or identifier related technologies which are a
special concept because of their important and sensitivity; (vi)
Surveillance - similar to ID these are of particular interest.
Concept: DataTechnology
Parent: dpv:Technology
Technology that uses or interacts with data
Concept: OperationalTechnology
Parent: dpv:Technology
Technology that enables or performs or executes operations and
processes
Concept: SecurityTechnology
Parent: dpv:Technology
Technology that enables or provides security
Concept: ManagementTechnology
Parent: dpv:Technology
Technology that enables or provides management
Concept: IDTechnology
Parent: dpv:Technology
Technology related to identity or identifiers
Concept: SurveillanceTechnology
Parent: dpv:Technology
Technology related to surveillance of individuals or people
-------------------------
#3 Data Technologies
-------------------------
The data technologies are mapped onto Processing concepts within DPV in
a 1:1 form i.e. for each DPV concept, there would be a corresponding
Technology concept for implementation that processing operation. Below
are the top concepts in processing expressed as technologies. Note the
additional "management technology" concept added to all top concepts in
technology.
Concept: DataCopyingTechnology
Parent: dpv-tech:DataTechnology
Technology related to copying data
Concept: DataDisclosureTechnology
Parent: dpv-tech:DataTechnology
Technology related to disclosing data
Concept: DataObtainTechnology
Parent: dpv-tech:DataTechnology
Technology related to obtain data
Concept: DataOrganiseTechnology
Parent: dpv-tech:DataTechnology
Technology realted to organising data
Concept: DataRemovalTechnology
Parent: dpv-tech:DataTechnology
Technology related to removing data
Concept: DataStorageTechnology
Parent: dpv-tech:DataTechnology
Technology related to storing data
Concept: DataTransferTechnology
Parent: dpv-tech:DataTechnology
Technology related to transfering data
Concept: DataTransformTechnology
Parent: dpv-tech:DataTechnology
Technology related to transforming data
Concept: DataUseTechnology
Parent: dpv-tech:DataTechnology
Technology related to using data
Concept: DataSecurityTechnology
Parent: dpv-tech:DataTechnology,dpv-tech:SecurityTechnology
Technology related to security of data
Concept: DataManagementTechnology
Parent: dpv-tech:DataTechnology,dpv-tech:ManagementTechnology
Technology related to management of data
-------------------------
#4 Operational Technologies
-------------------------
These are technologies where processing or activities or operations or
executions happen or are performed or enabled. This is the technical
definition of "processing" in its strictest (engineering) term. Top
concepts here refer to: (i) environment (where the processing takes
place, for example the operating system or container); (ii) devices as
equipments; (iii) management of operations (e.g. kernels); (iv)
application - software or a process; (v) operational management -
alternative label for management.
Concept: OperationalEnvironment
Parent: dpv-tech:OperationalTechnology
Technology that provides an environment for operations to be executed
Concept: OperationalDevice
Parent: dpv-tech:OperationalTechnology
Technology that acts as an equipment or mechanism for operations
Concept: OperationalManagement
Parent: dpv-tech:OperationalTechnology
Technology that manages operations
Concept: Application
Parent: dpv-tech:OperationalTechnology
A computing or digital program
Concept: OperationsManagementTechnology
Parent: dpv-tech:OperationalTechnology,dpv-tech:ManagementTechnology
Technology related to management of operations (alt label)
-------------------------
#5 Security Technologies
-------------------------
The top concepts here refer to three concepts related to security: (i)
PET - privacy enhacing technologies; (ii) Vulnerabilities - How to
detect, prevent, mitigate, and monitor for them; and (iii) Vulnerability
Exploitation and its detection, prevention, mitigation, and monitoring.
The (ii) and (iii) in above reprsent typical stages in risk management,
except there is no modelling of threats, risks, and threat actors, but
instead focus on risk sources (vulnerabilities), and their consequences
(exploitations).
Concept: PET
Parent: dpv-tech:SecurityTechnology
Privacy Enhancing Technologies (PETs) that provide minimisation or
security related to data and privacy
Concept: VulnerabilityDetection
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability detection
Concept: VulnerabilityPrevention
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability prevention
Concept: VulnerabilityMitigation
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability mitigation
Concept: VulnerabilityMonitoring
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability monitoring
Concept: VulnerabilityExploitationDetection
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability exploitation detection
Concept: VulnerabilityExploitationPrevention
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability exploitation prevention
Concept: VulnerabilityExploitationMitigation
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability exploitation mitigation
Concept: VulnerabilityExploitationMonitoring
Parent: dpv-tech:SecurityTechnology
Technology related to vulnerability exploitation monitoring
Concept: SecurityManagementTechnology
Parent: dpv-tech:SecurityTechnology,dpv-tech:ManagementTechnology
Technology related to management of security
-------------------------
#6 Provision of Technology
-------------------------
Here, provision refers to how that technology is utilised or provided in
terms of a model of use. Things such as products, subscriptions,
algorithms, etc. are modelled under this concept.
Concept: TechnologyProvisionMethod
Parent: dpv:Concept
Method associated with provision or use of technology
Concept: hasProvisionMethod
Parent:
Specifies the provision or usage method of technology
Concept: FixedUse
Parent: dpv-tech:TechnologyProvisionMethod
Technology that can be used a fixed numner of times
Concept: Subscription
Parent: dpv-tech:TechnologyProvisionMethod
Technology that is provided or used as a periodic subscription
Concept: Product
Parent: dpv-tech:TechnologyProvisionMethod
Technology that is provided as a product
Concept: Goods
Parent: dpv-tech:TechnologyProvisionMethod
Technology provided or used as goods
Concept: Services
Parent: dpv-tech:TechnologyProvisionMethod
Technology provided or used as services
Concept: Algorithmic
Parent: dpv-tech:TechnologyProvisionMethod
Technology provided as an algorithm or method
Concept: System
Parent:
Technology provided as a system
Concept: Component
Parent:
Technology provided as a component
-------------------------
#7 Actors
-------------------------
Actor is an Entity with a specific Role. In DPV, we use Entity since
there can be multiple roles. However, in technology, the term Actor
would be preferable since we utilise specific roles in context to the
technology being modelled. If this is confusing or better to be
consistent with DPV, we can change this back to Entity.
The Actors below represent different roles associated with how
technology is developed and used. It reflects a simplification of the
roles defined in the AI Act.
The concept "user" can have different connotations depending on how it
is used. For example, a technology user could refer to someone who
operates it. A "subject" would be someone who the technology is applied
on. For example, on a immigration system at a border, the immigration
officer would be user and the person entering/leaving would be the subject.
Concept: TechnologyActor
Parent: dpv:Entity
Actors and Entities involved in provision, use, and management of
Technology
Concept: TechnologyProvider
Parent: dpv-tech:TechnologyActor
Actor that provides Technology
Concept: hasProvider
Parent: dpv:hasEntity
Indicates technology provider
Concept: TechnologyDeveloper
Parent: dpv-tech:TechnologyActor
Actor that develops Technology
Concept: hasDeveloper
Parent: dpv:hasEntity
Indicates technology developer
Concept: TechnologyUser
Parent: dpv-tech:TechnologyActor
Actor that uses Technologoy
Concept: hasUser
Parent: dpv:hasEntity
Indicates technology user
Concept: TechnologySubject
Parent: dpv-tech:TechnologyActor
Actor that is subject of use of Technology
Concept: hasSubject
Parent: dpv:hasEntity
Indicates technology subject
-------------------------
#8 Location
-------------------------
We already have `dpv:Location` as the concept which can be reused here.
To provide more specific forms of locations, such as "on device" and "on
a server", it would be better to provide them within main DPV as they
also are useful for expressing locations of other concepts.
Some examples include: LocationFixture, FixedLocation,
FixedSingularLocation, FixedMultipleLocations, VariableLocation,
FederatedLocations, DecentralisedLocations, RandomLocation,
LocationLocality, LocalLocation, RemoteLocation, WithinDevice,
CloudLocation, ServerLocation, ServerlessLocation
If the location of technology is to be explicitly defined, then the
concept would be modelled as follows:
Concept: TechnologyUsageLocation
Parent: dpv:Location
Location for where technology is provided or used
Concept: hasLocation
Parent: dpv:hasLocation
Indicates location of technology usage or provision
-------------------------
#9 Communications
-------------------------
Communication is important to express how technologies send and receive
data. These are modelled as a separate concept from Technology.
Concept: CommunicationMechanism
Parent: dpv:Concept
Communication mechanism used or provided by Technologoy
Concept: hasCommunicationMechanism
Parent:
Indicates communication mechanisms used or provided by technology
Concept: Networking
Parent: dpv-tech:CommunicationMechanism
Technology utilising networking communication
Concept: LocalNetwork
Parent: dpv-tech:Networking
Technology utilising local networking communication
Concept: Internet
Parent: dpv-tech:Networking
Technology utilising internet communication
Concept: WiFi
Parent: dpv-tech:Networking
Technology utilising wifi wireless networking communication
Concept: Bluetooth
Parent: dpv-tech:Networking
Technology utilising bluetooth communication
Concept: CellularNetwork
Parent: dpv-tech:Networking
Technology utilising cellular networking communication
Concept: GPS
Parent: dpv-tech:CommunicationMechanism
Technology utilising GPS communication
-------------------------
#10 Maturity / Innovativeness
-------------------------
This concept relates to how proven a technology is, or whether it
represents something that is untested or is innovative and new. These
are relevant since they raise specific concerns regarding risks and
impacts. Rather than defining new qualitative terms, we can reuse
existing ones such as the TRL which indicates "maturity" of technology
in terms of what stage of development and use it is. There is an ISO
standard defining such levels.
Concept: TechnologyReadinessLevel
Parent: dpv:Technology
Indication of maturity of Technology (ISO 16290:2013)
Concept: hasTRL
Parent:
Indicates technology maturity level
-------------------------
#11 Discussed Concepts
-------------------------
The below are some concepts which we discussed in the previous meetings.
These are provided here with their parent concept to see whether the
structure makes sense and to identify limitations/lapses.
Concept: Database
Parent: dpv-tech:DataStorageTechnology
A database, database management system (DBMS), or application database
Concept: Cookie
Parent: dpv-tech:LocalStorage
A HTTP or web or internet cookie
Concept: FileSystem
Parent: dpv-tech:DataStorageTechnology
A data storage and retrieval interface provided by an operating system
Concept: LocalStorage
Parent: dpv-tech:DataStorageTechnology
Data stored 'locally' within a context
Concept: DeviceStorage
Parent: dpv-tech:LocalStorage
Data stored 'on device' as in in the device's storage
Concept: ApplicationStorage
Parent: dpv-tech:LocalStorage
Data stored 'in app' as in within the application's storage
Concept: RemoteStorage
Parent: dpv-tech:DataStorageTechnology
Data stored 'remotely' i.e. not locally within a context
Concept: CloudStorage
Parent: dpv-tech:RemoteStorage
Data stored 'on cloud' i.e. internet-based access to data
Concept: ServerStorage
Parent: dpv-tech:CloudStorage
Data stored on a server i.e. a remote cloud-based storage mechanism
Concept: SmartphoneApplication
Parent: dpv-tech:Application
A computing or digital program on a smartphone device
Concept: DigitalService
Parent: dpv-tech:Service
A service that is provided digitally
Concept: OnlineService
Parent: dpv-tech:Service
A service that is provided through or based on internet i.e. online
connectivity
Concept: TrackingCookie
Parent: dpv-tech:SurveillanceTechnology,dpv-tech:Cookie
Cookies used for tracking
Concept: TrackingPixel
Parent: dpv-tech:SurveillanceTechnology
Pixels or web beacons or similar techniques used for tracking
Concept: PIMS
Parent: dpv-tech:DataManagementTechnology
system that helps to give individuals more control over their
personal data by managing their personal data in secure, on-premises or
online storage systems and sharing it when and with whomever they choose
Concept: PersonalDataStore
Parent:
dpv-tech:DataStorageTechnology,dpv-tech:DataManagementTechnology
(Q: service OR data manegement system) that lets an individual
store, manage and deploy their personal data
Concept: IdentityManagementTechnology
Parent: dpv-tech:IDTechnology,dpv-tech:ManagementTechnology
Technologies providing identity provision, verification,
management, and governance
Concept: IdentityWallet
Parent:
dpv-tech:IdentityManagementTechnology,dpv-tech:DataStorageTechnology
product and service that allows the user to store identity data,
credentials and attributes linked to her/his identity, to provide them
to relying parties on request and to use them for authentication, online
and offline, and to create qualified electronic signatures and seals
Concept: OvertSurveillanceTechnology
Parent: dpv-tech:SurveillanceTechnology
Surveillance that is overt i.e. visible or apparent or explicit
Concept: CovertSurveillanceTechnology
Parent: dpv-tech:SurveillanceTechnology
Surveillance that is covert i.e. invisible or non-apparent or implicit
-------------------------
Regards,
--
---
Harshvardhan J. Pandit, Ph.D
Research Fellow
ADAPT Centre, Trinity College Dublin
https://harshp.com/
Attachments
- text/csv attachment: technology.csv
Received on Saturday, 28 May 2022 11:57:26 UTC