Discussion on the DIF - Hospitality/Travel SIG → Travel Profile TF - Travel Profile proposal and impact on ToIP, SSI and Data Privacy
Travel planning is online first. In 2023, each travel service typically collects a traveller's profile (requirements and preferences) through a direct ask or through incremental collection via pages and questionnaires shaped by the travel, accommodation and "things to do" context. While travellers are nominally asked (consent) to share personal information, in practice services are over-gathering it; what needs clarifying is which information is necessary to provide the service vs. which is collected to benefit the service through targeted marketing and other purposes.
The current Travel Profile is quite a large model containing PII/Sensitive data far beyond most examples of PII, and is designed to capture requirements and preferences in many different contexts.
How does this data model mesh with SSI, Verifiable Data, and Privacy, including across jurisdictions?
What are all the interaction models (workflows) and their impact on consent, selective disclosure, "intent" broadcasting?
What are the mechanisms for collection (direct ask and observed behavior) in different contexts, and who stores and controls that data?
Given that travel organizations are faced with GDPR, under which holding onto personal data is becoming a liability, particularly for breaches, what does a future mechanism look like (traveler controlled, on-demand selective disclosure to services, very limited lifetime service data retention) and what are the prospects for a smooth transition?
Agenda Items and Notes (including all relevant links)
Time
Agenda Item
Lead
Notes
5 min
Start recording
Welcome & antitrust notice
Introduction of new members
Agenda review
Chairs
Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
55 mins
Topics (see above)
All
IIW Session Summaries
Selective Disclosure - allows users to express what data they wish to disclose for a particular purpose, but as so much of your personal data is already disclosed and being shared by online services, it is of questionable use in ensuring either Data Privacy or Confidentiality.
Anonymization of personal data - is also highly questionable, as current and coming correlation and related algorithms can still identify you given a sufficient variety of anonymized records about you. Cited example (academic paper) - correlating hand/head movement with PII can be very accurate.
Consent - legally valid consent requires demonstrable understanding by the user of what they agree to and the potential harms. That "bar" cannot be met by an individual consenting, alone on their smartphone or laptop.
Data lifetimes - current practice is that PII/Personal data are retained by services. This is counter to data privacy and, in 2023+, unnecessary, as the data can be re-requested from the user (or from secure storage under their control). Organizations (Google) have expressed that the risks (breach, etc.) of retaining personal data after initial use are increasing.
DIF, ToIP WG and TFs Data issues
Consent/Privacy - A new proposal based on IIW discussions on a change of strategy for ensuring confidentiality and online safety for users is in development, through requiring much higher transparency on personal data processing by services and 3rd party (human/AI) assistance to ensure legally valid user consent.
DIF Hospitality and Travel SIG. ToIP Attraction Pass
Data Schema for a common Traveler Profile - a comprehensive, largely self-attested list of a person's characteristics, health, religious, dietary needs and other factors, plus travel and accommodation preferences. It is proposed as a new standard for the travel industry.
Recognizes that people have different profiles, such as business travel, solo vs. family travel, etc.
Dealing with groups of travelers (an extension of the Guardianship work at Sovrin)
Applying SSI trust chains to customer and service provider relationships for Attraction ticket sales and redemption.
Personal Data Collection by Services - example: stated vs actual preferences. Travel services collect a large amount of data, including all the details of your itinerary plans and how they unfolded on your trip, including spending patterns and what you selected or did vs your stated preferences. This is both a privacy problem and a large opportunity for both travelers and services to improve both privacy and traveler satisfaction.
Working use cases of trust for concert ticket attractions, including the secure selling, reselling and redemption of passes/tickets
Tracking what is going on with Data and Privacy legislation and regulation in North America and the EU.
Related work on Data Agreements with ISO 27000 (IT security), including 27001, 27701 (privacy information management), and 27560 consent receipt (work by Mark Lizar and Jan Lindquist, who are ToIP members)
Strengths and weaknesses of current data sharing agreements and consent
The impact of jurisdictions and their specific legislation on SSI, consent, data privacy, etc.
Authentic Data and Trust - lineage/provenance of data, how it was produced/collected and how it transformed
Action Items
Create a model of the 5W2H transparency model, leveraging and building a model/diagram from the Data Privacy Vocabulary work to handle more specific data and purpose definitions for data sharing consent agreements.
Complete the Consent Replacement proposal document.
Why Data Agreements are/are not Ricardian Contracts
Plus - Ricardian contracts are based on legal contracts, are human- and machine-readable, support terms and conditions, and are cryptographically digitally signed
Minus - they are primarily about the exchange of financial value (primarily Bitcoin and/or financial transaction agreements) and are blockchain-dependent. They do have issues, are not widely deployed, and the roadmap is uncertain.
5 mins
Review decisions/action items
Planning for next meeting
Chairs
Screenshots/Diagrams (numbered for reference in notes above)