[Concept]: Enhancements for Personal Data Types

[nihadatakishiyev]

Specs

Personal Data (PD)

New Concept(s)

I would like to request the addition of the following terms to the list of personal data types, either as new terms or through an extended definition of an existing term. For the majority of the terms, I have suggested a relevant parent element, but please feel free to adjust it as needed.

1. Term: pd:BluetoothAddress
   Label: Bluetooth Address
   Definition: Information about the Bluetooth address of a device.
   Parent term: pd:DeviceBased
   Source: -
   Usage note: -

2. Term: pd:IMEIAddress
   Label: IMEI Address
   Definition: A unique identifier assigned to a mobile device for cellular network identification.
   Parent term: pd:DeviceBased
   Source: -
   Usage note: -

3. Term: pd:MEID
   Label: MEID
   Definition: A unique identifier used to identify a mobile device, primarily in CDMA networks.
   Parent term: pd:DeviceBased
   Source: -
   Usage note: -

4. Term: pd:DeviceInfo
   Label: Device Info
   Definition: Information about a device, including its characteristics, model, and other identifying details.
   Parent term: pd:DeviceBased
   Source: -
   Usage note: -

5. Term: pd:SimCardInformation
   Label: SIM Card Information
   Definition: Information related to the SIM card of a device, including its unique identifiers and network details.
   Parent term: pd:DeviceBased
   Source: -
   Usage note: -

6. Term: pd:NetworkIdentifier
   Label: Network Identifier
   Definition: Information used to identify a device or connection within a network. e.g: IP Address, MAC Address, IMEI, BSSID, SSID
   Parent term: pd:DeviceBased
   Source: -
   Usage note: - Umbrella term for all network identifiers listed above

7. Term: pd:NetworkActivity
   Label: Network Activity
   Definition: Information about a device's network interactions, including connections, data usage, and communication logs.
   Parent term: pd:DeviceBased
   Source: -
   Usage note: -

8. Term: pd:SMSCode
   Label: SMS Code
   Definition: A one-time code sent via SMS for authentication purposes.
   Parent term: pd:Authenticating
   Source: -
   Usage note: Typically used for two-factor authentication (2FA) or identity verification.

9. Term: pd:AuthToken
   Label: Authentication Token
   Definition: A secure token used to verify and maintain a user's authenticated session.
   Parent term: pd:Authenticating
   Source: -
   Usage note: Commonly used in API authentication and session management.

10. Term: pd:EmailTimestamp
    Label: Email Timestamp
    Definition: A recorded date and time associated with an email communication.
    Parent term: pd:Email
    Source: -
    Usage note: Typically used for tracking when an email was sent, received, or opened. I added pd: Email as a parent because we already have pd: EmailContent so it might make sense to create umbrella term pd: Email

11. Term: pd:MessageContent
    Label: Message Content
    Definition: The textual or multimedia content of a communication message.
    Parent term: pd:Communication
    Source: -
    Usage note: Can include text messages, chat conversations, or multimedia attachments. It might make sense to all add Timestamp for message communication (same as email)

12. Term: pd:BrowserCookie
    Label: Browser Cookie
    Definition: A small piece of data stored on a user's device by a web browser, used for session management, personalization, and tracking.
    Parent term: -
    Source: -
    Usage note: Can include session cookies, persistent cookies, and tracking cookies.

13. Term: pd:AuthenticationProvider
    Label: Authentication Provider
    Definition: A third-party service responsible for verifying and authenticating user identities.
    Parent term: pd:External
    Source: -
    Usage note: Examples include OAuth providers (e.g., Google, Facebook, Microsoft) and single sign-on (SSO) services.

14. Term: pd:NetworkAccessIdentifier
    Label: Network Access Identifier
    Definition: A unique identifier used to authenticate a device or user within a network.
    Parent term: pd:Identifying
    Source: -
    Usage note: -

Changed Concept(s)

Existing Term: e.g., dpv:NewConcept or risk:NewConcept
Change: e.g., change label from X to Y, or add usage note stating "xyz"
Justification: optional comment giving reasons why the change should be made

[coolharsh55]

Thanks @nihadatakishiyev - I think these make sense (considering the use case of smartphone apps accessing this info). The parent concepts and the phrasing of the term itself may change to align with concepts, but I don't see any issues. I'll mention this in the next meeting on FEB-27.

[nihadatakishiyev]

@coolharsh55 - I edited the main text and incorporated concepts from #245 along with a few others. Feel free to delete #245 .

[coolharsh55]

Thanks - we cannot delete issues, so I will close #245 instead.

[coolharsh55]

Hi @nihadatakishiyev this was discussed in Meeting MAR-06 and there were questions about the proposed terms regarding definitions and ambiguity. Can you please clarify & revise your proposal based on the comments? (see meeting notes)

1. pd:BluetoothAddress - is this "Bluetooth Address" or "Bluetooth MAC Address"? If MAC address, then it should be defined under that existing concept.
2. pd:IMEIAddress - IMEI is an identifier, it isn't clear what is an "IMEI Address"?
3. pd:MEID - Is this "Mobile Equipment Identifier" and if so, how do we group this with other identifiers and distinguish network and device identifiers?
4. pd:DeviceInfo - Abbreviation is not needed here - it should be "Device Information". Do the other concepts like identifiers come under this or they are different?
5. pd:SimCardInformation - is this part of the device information concept or separate from it?
6. pd:NetworkIdentifier - This is a broad concept. How does this relate to the other identifiers - it mentions MAC which exists, and IMEI which is proposed. SSID etc.
7. pd:NetworkActivity - How broad is this concept? Communication logs are just metadata or all communication information?
8. pd:SMSCode - this is highly specified without relevant parent taxonomy in place. For example, SMS -> SMS contents -> SMS code or SMS 2FA?
9. pd:AuthToken - Should this be "Auth Token" or "Authentication Token"? How does this relate to SMS Code? Auth. tokens would also be present outside of devices e.g. in other software/apps?
10. pd:EmailTimestamp - Perhaps we have EmailMetadata and then under it there could be concepts like timestamp, sender/receiver, and so on?
11. pd:MessageContent - same as above comments - this is quite broad. Rather than message, would it be better to have CommunicationContent and CommunicationMetadata (and then you can extend for specific stuff like SMS)?
12. pd:BrowserCookie - we are not sure how to define this as browser cookies may or may not be personal data, and because cookies are a storage mechanism/technology. Currently, the discussion suggests that cookies not be modelled as a personal data category, but instead as a technology (in TECH extension), and combined with specific personal data categories to indicate they are stored in cookies.
13. pd:AuthenticationProvider - this is an entity (like Provider in TECH). It does not seem to fit the personal data categories taxonomy.
14. pd:NetworkAccessIdentifier - This should be part of the broader identifier concept? And all identifiers should be defined as identifying?