1 / 7

Privacy Metadata: Technology Categorization, Fields, and Flags

The W3C Digital Data Community Group is developing recommendations for tagging the common data layer with metadata to enhance privacy education and enforcement. Provide legal and policy feedback on categorizing technologies, flagging data, and defining privacy terms.

sandersb
Download Presentation

Privacy Metadata: Technology Categorization, Fields, and Flags

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction: Privacy Subgroup Request for Policy/Legal Feedback The W3C Digital Data Community Group is building a common data layer for web sites to be incorporated into browser technology. The Privacy Subgroup has formulated recommendations on how to tag the layer with metadata that would provide the site owner with actionable data to assist in the Privacy education and for Privacy technologies to apply an independent enforcement layer. This consists of: • Categorizing Technologies Accessing the Data Layer • Fields to flag data as Private, Identifiable, or Sensitive The Fields for flagging data within the layer are where we would appreciate your focus.

  2. Privacy Metadata: Technology Categorization • Users of the data layer will have the option to create custom categories, and associate technologies with those categories. • An enforcement layer will be able to determine what technologies are authorized to access the data layer • Users will have the option to tag individual data fields within the data layer for access by one or more categories. e.g. Categories: • advertising (Adwords) • analytics(Google Analytics) • personalization (Baynote) • social (Facebook). • Items in the shopping cart can be tagged for access by analytics or advertising, as appropriate.

  3. Privacy Metadata: Flags • Users of the data layer will be able to flag data elements to provide the information to provide additional access control. We would appreciate your organization’s legal and policy feedback on these definitions. (Questions are on following slides.) • Private – Information that alone identifies a site visitor. (e.g. Personally Identifiable Information, or PII) • Identifiable – Information that identifies a site visitor in some combination with other Identifiable information. Identifiable is intended to describe the superset of PII that includes non-PII information. • Sensitive – Information that is not identifying, but could be sensitive, in that it should not be shared. (e.g. medication, condoms, firearms, etc.) This field would be an attribute added by the site owner, as the same piece of information might be sensitive in certain contexts and not others.

  4. Our Chief Objective To create a standard that is: • Concretely defined yet regulation-agnostic • Easy to understand, even by uneducated site owners • Actionable by site owners

  5. Questions: Private Flag • Is Personally Identifiable Information (PII) a universally accepted, worldwide standard, or is it subject to regional precedent? • If PII is not a universal, worldwide standard, what is a definition for Private you apply to your properties in order to be covered in all jurisdictions where you do business? Please include a URL reference to any resource for that definition.

  6. Questions: Identifiable Flag • Is Identifiable an actionable definition for site owners? Does the term convey urgency and purpose? • Does using Identifiable to describe fields within a data layer create confusion, since we would be defining a new term, rather than using a preexisting term like PII? • Would Identifiable according to the given definition be objective or subjective? Please refer to the data layer for examples. Information Identifiable PII

  7. Question: Sensitive Flag • Is Sensitive a separate, actionable definition for site owners? Does the term convey urgency and purpose?

More Related