- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Thu, 12 Oct 2023 06:33:08 +0100
- To: Georg Philip Krog <georg@signatu.com>, Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
Hi Georg. Thanks for sharing these. The EDPB/EDPS stances is that in addition to listing provided and observed data (collected), derived and inferred data should also be included in the description. In DPV, we have 3 of these 4 categories - we do not have 'Provided' but we have 'Collected'. I do not know where the table in the LinkedIn post is from, but some of those categorisations are confusing and ambiguous. It also has sub-categorisation of the basic four categories as below: 1) Provided a. Initiated e.g. applications b. Transactional e.g. Health, Surveys c. Posted e.g. social network 2) Observed a. Engaged e.g. cookies, location sensors b. Not Anticipated e.g. car sensors c. Passive e.g. CCTV face images, wi-fi based location 3) Derived a. Computational e.g. credit ratios b. Notational e.g. classification based on 'common attributes of buyers' - Inferred Observations: - The sub-category definitions aren't provided - so without those these seem overlapping, e.g. Initiated has Credit card purchases and Transactional has Bills paid. - Observed - Engaged has Cookies - I seriously doubt that cookies are a form of "engaged observations" without any further descriptions of what the cookies are or is in them. - Other categories have similar issues, e.g. Inferred has 'Statistical' and 'Advanced Analytical' - which is an oxymoronic way of representing this since all analytics is inherently statistical, and also because credit and fraud scores are based on 'advanced statistical analysis'. Action Points: - What we can look to model: a) For Provided - did the User initiate the provision or was responding to something; b) For Observed - was the subject 'active' or 'passive', and could the data be 'anticipated' or was 'unanticipated' (this one is tricky and openly abused). - We are already having discussions on the modelling of Active/Passive data subjects, so we should also ensure that the model we want is compatible with yet another use for Data Collection / Source information. - We do not have Provided - so we add this as a subcategory of Collected (which already contains Observed). Regards, Harsh On 11/10/2023 15:20, Georg Philip Krog wrote: > Dear all, > > There is a Joint EDPB-EDPS contribution to the public consultation on > the draft template relating to the description of consumer profiling > techniques (Art.15 DMA), adopted on 20 September 2023: > > https://edpb.europa.eu/system/files/2023-09/edps-edpb_comments_on_article_15_dma_template_report_for_plen_formatted.pdf <https://edpb.europa.eu/system/files/2023-09/edps-edpb_comments_on_article_15_dma_template_report_for_plen_formatted.pdf> > > https://www.linkedin.com/posts/luisalbertomontezuma_to-understand-the-implications-of-the-taxonomy-activity-7116937919730200576-x72b?utm_source=share&utm_medium=member_ios <https://www.linkedin.com/posts/luisalbertomontezuma_to-understand-the-implications-of-the-taxonomy-activity-7116937919730200576-x72b?utm_source=share&utm_medium=member_ios> > > When listing the sources for the categories of personal data processed > for profiling consumers, the EDPB and the EDPS recommend that > gatekeepers are required to provide the Commission not only with > information on “data originating from third parties” as such but also > data resulting from the “use of third party services”. > > It is possible to duplicate the processing taxonomy as data categories > e.g. collected data, transferred data, stored data OR to have these > categorised based on 'data source'. > > > > -- > Georg Philip Krog > > signatu <https://signatu.com> -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/
Received on Thursday, 12 October 2023 05:33:17 UTC