Positioning the DMRWG direction for the remainder of 2023 and into 2024
Purpose of this work group – the Data Modeling and Representation Work Group
DMRWG Tasks
Other Working Groups and Task Forces in which this group participates and contributes on Data issues
Agenda Items and Notes (including all relevant links)
Time
Agenda Item
Lead
Notes
5 min
Start recording
Welcome & antitrust notice
Introduction of new members
Agenda review
Chairs
Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
55 mins
Topics (see above)
All
IIW Session Summaries
Selective Disclosure - allows users to express what data they wish to disclose for a particular purpose, but as so much of your personal data is already disclosed and being shared by online services, it is of questionable use in ensuring either Data Privacy or Confidentiality.
Anonymization of personal data - is also highly questionable, as current and coming correlation and related algorithms can still identify you given a sufficient variety of anonymized records about you. Cited example (academic paper) - correlating hand/head movement with PII can be very accurate.
Consent - legally valid consent requires demonstrable understanding by the user of what they agree to and the potential harms. That "bar" cannot be met by an individual consenting, alone on their smartphone or laptop.
Data lifetimes - current practice is that PII/personal data are retained by services. This is counter to data privacy and, in 2023+, unnecessary, as the data can be re-requested from the user (or from secure storage under their control). Organizations (Google) have expressed that the risks (breach, etc.) of retaining personal data after initial use are increasing.
DIF, ToIP WG and TFs Data issues
Consent/Privacy - A new proposal based on IIW discussions on a change of strategy for ensuring confidentiality and online safety for users is in development, through requiring much higher transparency on personal data processing by services and 3rd party (human/AI) assistance to ensure legally valid user consent.
DIF Hospitality and Travel SIG. ToIP Attraction Pass
Data Schema for a common Traveler Profile - a comprehensive, largely self-attested list of a person's characteristics, health, religious, dietary needs and other factors, plus travel and accommodation preferences. It is proposed as a new standard for the travel industry.
Recognizes that people have different profiles, such as business travel, solo vs. family travel, etc.
Dealing with groups of travelers (an extension of the Guardianship work at Sovrin)
Applying SSI trust chains to customer and service provider relationships for Attraction ticket sales and redemption.
Personal Data Collection by Services - example: stated vs actual preferences. Travel services collect a large amount of data, including all the details of your itinerary plans and how they unfolded on your trip, including spending patterns and what you selected or did vs your stated preferences. This is both a privacy problem and a large opportunity for both travelers and services to improve both privacy and traveler satisfaction.
Working use cases of trust for concert ticket attractions, including the secure selling, reselling and redemption of passes/tickets
Tracking what is going on with Data and Privacy legislation and regulation in North America and the EU.
Related work on Data Agreements with ISO 27000 (IT security), including 27001, 27701 (privacy information management), and 27560 consent receipt (work by Mark Lizar and Jan Lindquist, who are ToIP members)
Strengths and weaknesses of current data sharing agreements and consent
The impact of jurisdictions and their specific legislation on SSI, consent, data privacy, etc.
Authentic Data and Trust - lineage/provenance of data, how it was produced/collected and how it transformed
Action Items
Create a model/diagram of the 5W2H transparency model, building on the Data Privacy Vocabulary work, to handle more specific data and purpose definitions for data sharing consent agreements.
Complete the Consent Replacement proposal document.
Why Data Agreements are/are not Ricardian Contracts
Plus - Ricardian contracts are based on legal contracts, are human- and machine-readable, support terms and conditions, and are cryptographically digitally signed
Minus - are primarily about the exchange of financial value, primarily Bitcoin and/or financial transaction agreements, and are Blockchain dependent. They do have issues, are not widely deployed, and the roadmap is uncertain.
5 mins
Review decisions/action items
Planning for next meeting
Chairs
Screenshots/Diagrams (numbered for reference in notes above)