...
The DMRWG meets bi-weekly on Tuesdays at 12:00-13:00 PT / 16:00-17:00 UTC. Check the ToIP Calendar for meeting dates.
Zoom Meeting Link / Recording
...
- Travel planning is online first. In 2023, each travel service typically collects a traveller's profile (requirements and preferences) through a direct ask or through incremental collection via pages and questionnaires shaped by the travel, accommodation and "things to do" context. While nominally being asked (consent) to share personal information, in practice, services are over-gathering personal information, clarifying what information is necessary to provide the service vs. collecting information to benefit the service for targeted marketing and other purposes.
- The current Travel Profile is quite a large model (see model diagram, below) containing PII/Sensitive data far beyond most examples of PII, and is designed to capture requirements and preferences in many different contexts. It needs some work for formal modeling as objects and database schema, plus notes on how the model can safely be extended.
- How does this data model mesh with SSI, Verifiable Data, and Privacy, including across jurisdictions?
- What are all the interaction models (workflows) and their impact on consent, selective disclosure, "intent" broadcasting?
- What are the mechanisms for collection (direct ask and observed behavior) in different contexts, and who stores and controls that data?
- Given that travel organizations are faced with GDPR, under which holding onto personal data is becoming a liability, particularly for breaches, what does a future mechanism look like (traveler controlled, on-demand selective disclosure to services, very limited lifetime service data retention) and what are the prospects for a smooth transition?
...
Time | Agenda Item | Lead | Notes |
5 min | | Chairs | |
50 min | Discussion | All | Background - The proposed Travel Profile TF is currently working on completing a first pass on core information about a traveler, plus looking at how requirements (must have) and preferences (desired options) apply against different travel, hospitality and attractions (things to do) contexts. Investigations have also explored how this model can be extended for more traveler information and additional contexts. The next stage of the project is to look at this from two perspectives
It is proposed to look at three levels of purpose - intent broadcasting, selective disclosure and consent (these last two are closely coupled). A partial definition of intent broadcasting would be: put out a requirement for travel and accommodation, with sufficient information for a travel provider to be able to offer a "travel package", revealing as little PII as possible. More detailed inquiries and then finalization of travel plans likely require increasing personal information, so consent for that data, precisely how it can be used, and its storage lifetime need to be determined to minimize the risks for both the traveler and the service provider.
Key points from discussion: To some extent, looking at the travel profile is looking at concrete interactions of a traveler (Holder) on a non-trivial set of their personal data, interacting with a Verifier (travel service) at different levels of depth, where an important consideration is ensuring that the Verifier/travel service is asking for a set of data, some of which is mandatory for a service provider to provide an answer or a proposed service, and other data is optional, which the traveller can choose not to provide. This may be tempered by the service offering additional benefits to the traveller if they disclose more information. However, that raises the issue of a traveller understanding the consequences of additional disclosure, including harms. This is a good stress use case for real-life consent.
Recent changes and some thoughts on where ToIP/SSI/DIF/Data Privacy needs to go: Neil
Steven - build a profile incrementally, vs overwhelming people with
Carly - I don't want it to record all of my preferences - I want to only fill in what I need for immediate needs.
Steven - the problem is understanding what are one-time choices that are not an indication of preferences? Is that an algorithm that has a threshold of repeated stated preferences or behavior to identify a potential requirement or preference? This implies sophisticated context-sensitive inference to discover preferences (separate one-time choices). This suggests offering a traveller as to what appear to be preferences/requirements.
Sankarshan - should requirements and preferences be VCs (Neil, Carly - no, they should be Verifiable/Signed Data) - much simpler approach.
Neil - what if the processing of your travel choices is performed by your personal agent vs a service provider? It may not be on your computing devices, but it is done through services you pay for and control.
Sankarshan - if it is my data, I want to hold it myself (or with a service I control).
Carly - the problem is, many data privacy agnostic people (who will consent to free access to their data in exchange for "free" benefits). However, regulation may get to the point where penalties are painful enough for service providers that they can no longer offer that due to liability-related risk/losses considerations.
Sankarshan - what we are discussing is going to upend existing economic models (especially as it intersects regulation). Users who, in the past, have not cared about data privacy/agency are likely going to be very afraid of actually owning and managing their data. Does the technology + governance exist at this point, even within the next two years, that is going to be real, regardless of what has been happening in Aruba, which is only a very thin slice of this experience? |
5 min | Plans for 2024 | All | Need better communication (more blog posts/articles) |
Screenshots/Diagrams (numbered for reference in notes above)
...