50 min | Discussion | All | Background - The proposed Travel Profile TF is currently working on completing a first pass on a core information about a traveler plus looking at how requirements (must have) and preferences (desired options) apply against different travel, hospitality and attractions (things to do) contexts. Investigations have also explored how this model can be extended for more traveler information and additional contexts. The next stages on the project is to look at this from two perspectives - How (raw data model) can be enhanced to support SSI and Data Privacy in general and DIF/ToIP in particular.
- How interactions (and there are clearly several different depths of data sharing and interactions) work, including doing a first deep dive into what does a verifier (in this case a travel service) ask for required and optional personal information pertinent to a given travel event or travel service
It is proposed to look at three levels of purpose - Intent broadcasting, selective disclosure and consent (these last two are closely coupled). A partial definition of intent broadcasting would: put out a requirement for travel and accommodation, with sufficient information for a travel provider to be able to offer a "travel package", revealing as little PII as possible. More detailed inquiries and then finalization of travel plans likely requires increasing personal information, so consent that data, precisely how it can be used and it's lifetime storage needs to be determined to minimize the risks for both the traveler and the service provider. Key points from discussion: To some extent looking at the travel profile is looking at concrete inter-actions of a traveler (Holder) on a non-trivial set of their personal data, interacting with a Verifier (travel service) , at different levels of depth, where an important consideration is ensuring that the Verifier/travel service is asking for a set of data, some of which is mandator for a service provider to provide and answer or a proposed service and other data is optional, which the traveller can chose not to provide. This may be tempered by the service offering additional benefits to the traveller if they disclose more information. However, that raises the issue of a traveller understanding the consequences of additional disclosure, including harms. This is a good stress use case for real-life consent. - Sankarshan - Intent broadcasting builds on the concepts of Doc Searls (The Intention Economy: When Customers Take Charge)
- Carly - Preferences (in many cases) can be context dependent - eg. you are a vegetarian on an airline flight, but you will eat meat in a restaurant
- A person may have stated preferences and requirements, but may make different choices in real-time, including stating they are low-cost driven during travel planning, but actually select upmarket options when traveling.
- Sankarshan - Current practice is travel services over-collect personal information (including information for their benefit vs the traveler) and they keep it. However, with GDPR and similar legislation, travel services are starting to understand that retaining personal information puts them at cybersecurity risk, which increases their cybersecurity operational insurance costs (as much as 50%).
- The industry maybe persuadable to leave storage and disclosure with the traveller, only requesting when required and destroying after a service is completed. The term Zero-Party Data applies.
- Neil - Service providers will need to be aware of jurisdictional differences as to what constitutes sensitive data, which likely differ across jurisdictions. And as travel frequently crosses two or more jurisdictions, service providers (and travelers) will need guidance as to determining how they will manage PII they processing. This includes the concept of Blinding Bits. This also raises the concept of having a data schema with overlays for additional metadata, including table/property PII levels and also language translation overlays as can be found in the Overlay Capture Architecture, which is currently being supported by the Human Colossus organization.
- The Traveler will also benefit from understanding what PII attributes and records are sensitive
- Carly - Travelers can use preferences to "scam the system". For example, stating a preference for a Halal meal on aircraft merely because they will be served first (special diets served first), not because of their religion or culture.
- Neil - Travelers will have different sets of preferences depending on, for example: business vs personal and individual vs family vs group preferences across may classes and categories of preferences, so the combination is non-trivial, both to initially specify, but also to maintain.
- Collection of both requirements and preferences is an iterative process, collected over multiple travel experiences, which continually evolve. The challenge is how to manage this without overwhelming the traveller.
- The flip side is if this is done correctly, it will provide much higher levels of seamless and enjoyable travel (that meets expectations) that is also simpler for travel services to deliver.
- Neil - There are stated and observed (by travel providers) preferences. How could that be fed back to the traveler for their benefit. How would they incorporate that into their model? Unknown and possible very different (on a person by person basis. Would that information be stored with the traveler, but accessible by a service provider (with traveler permission/consent)?
- A person may have stated preferences and requirements, but may make different choices in real-time, including stating they are low-cost driven during travel planning, but actually select upmarket options when traveling.
- Sankarshan - Consent needs to provide users control over machine learning (and other processing) that exploits your personal data and context for targeted marketing (and worse) - the goal to offer compelling deals you might not consider (and are more than you wanted to spend). This is much higher level of control than currently available.
- Neil - In a travel scenario, what data is retained may change frequently. The planning process may include different scenarios where personal information shared to explore different travel options, many of which may may be discarded to when plans are finalized. This would suggest that data shared for discarded options are discarded immediately. And information that is used once travel starts may contain additional information (e.g. travel tickets, visas, etc.) which would be discarded as the travel occurs, leaving potentially no operational travel data with any service provider by the end of the trip.
|