Re: [netmod] GDPR and private data
On 26/05/2021 11:49, Balázs Lengyel wrote:
> Hello,
>
> Netconf/Restconf can transfer a lot of data. Some of this data can be
> personal/private like end-user names, personal phone records, street
> addresses. Is there a way to marks such data as private? I am thinking
> about something like putting a YANG extension in the data models:
>
>
>
> extension private-data {
>
> description
>
> "Indicates that a leaf or leaf-list contains private data.
>
> argument privacy-type;
>
> }
>
>
>
> Is there any standard solution for this or any proposal ? In the world
> of GDPR we should be thinking about this.
I do not believe a static extension like this is going to cut it. The
basic assumption it makes is that data provenance can be established at
design time -- and that runs contrary to the fact that data can be
derived from other data via processing.
I think an RFC7952-based annotation would be more appropriate: it would
work outside of the static model to positively identify that a
particular leaf value in fact contains privacy-sensitive data and the
receiving system should treat it as such.
Regards,
Robert
OpenPGP_signature
Description: OpenPGP digital signature
___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
Re: [netmod] GDPR and private data
GDPR uses the term 'personal data' and I assume for many leafs in a
data model the answer whether a leaf is 'personal data' is not simple
to answer given that also data items belong to 'personal data' if they
combined with other information can identify a natural person.
For example, is an IPv6 prefix 'personal data'? Well, it depends...
‘personal data’ means any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable
natural person is one who can be identified, directly or indirectly,
in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one
or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural
person;
Another possible question is whether the act of tagging (or not
tagging) leafs in a data model has a legal liability component at the
if the processing of data depends on such tags. Well, that surely
depends on what the presence of such a tag implies, does such a tag
control access to data on a NC/RC server (nacm:default-deny-all), does
it control storage of data outside a NC/RC server, does it control
processing of data outside a NC/RC server?
What you need I think are context (deployment) specific tags, static
data model tags likely only work for the (obvious) trivial cases and
may mislead people to be GDPR compliant while they are not.
/js
On Wed, May 26, 2021 at 09:49:32AM +, Balázs Lengyel wrote:
> Hello,
>
> Netconf/Restconf can transfer a lot of data. Some of this data can be
> personal/private like end-user names, personal phone records, street
> addresses. Is there a way to marks such data as private? I am thinking about
> something like putting a YANG extension in the data models:
>
>
>
> extension private-data {
>
> description
>
> "Indicates that a leaf or leaf-list contains private data.
>
> argument privacy-type;
>
> }
>
>
>
> Is there any standard solution for this or any proposal ? In the world of
> GDPR we should be thinking about this.
>
>
>
> Regards Balazs
>
>
>
> --
>
> Balazs LengyelSenior Specialist
> Ericsson Hungary Ltd.
>
> Mobile: +36-70-330-7909 email: balazs.leng...@ericsson.com
>
>
>
> ___
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax: +49 421 200 3103
Re: [netmod] GDPR and private data
Hello Carsten,
As I see we need a way to mark some data (schema nodes) as personal data. I am
looking for such a mechanism. Do you see the need for that too?
The goal is to allow special handling for such data.
- Leaf aaa is general data it can be log and stored forever
- Leaf bbb is marked as personal data. It should be processed differently e.g.
-- not logged
--logged separately, and these logs must not be retained indefinitely
-- anonymized during logging.
-- Shown or not on the CLI
Regards Balazs
-Original Message-
From: Carsten Bormann
Sent: 2021. május 26., szerda 12:54
To: Balázs Lengyel
Cc: netmod@ietf.org
Subject: Re: [netmod] GDPR and private data
On 2021-05-26, at 11:49, Balázs Lengyel
wrote:
>
> Hello,
> Netconf/Restconf can transfer a lot of data. Some of this data can be
> personal/private like end-user names, personal phone records, street
> addresses. Is there a way to marks such data as private? I am thinking about
> something like putting a YANG extension in the data models:
>
> extension private-data {
> description
> "Indicates that a leaf or leaf-list contains private data.
> argument privacy-type;
> }
>
> Is there any standard solution for this or any proposal ? In the world of
> GDPR we should be thinking about this.
If the objective is to prevent processing these data at all, then maybe they
should not be sent in the first place.
If the objective is to specify what processing of these data is permitted, then
there probably needs to be more information that can be fed into a processor so
it can derive its authorizations.
(Obviously there is more to privacy than personal user data, but you mentioned
GDPR…)
Indeed, this is probably not the group to invent the shape of the authorization
data...
Grüße, Carsten
smime.p7s
Description: S/MIME cryptographic signature
___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
Re: [netmod] GDPR and private data
On 2021-05-26, at 11:49, Balázs Lengyel
wrote:
>
> Hello,
> Netconf/Restconf can transfer a lot of data. Some of this data can be
> personal/private like end-user names, personal phone records, street
> addresses. Is there a way to marks such data as private? I am thinking about
> something like putting a YANG extension in the data models:
>
> extension private-data {
> description
> "Indicates that a leaf or leaf-list contains private data.
> argument privacy-type;
> }
>
> Is there any standard solution for this or any proposal ? In the world of
> GDPR we should be thinking about this.
If the objective is to prevent processing these data at all, then maybe they
should not be sent in the first place.
If the objective is to specify what processing of these data is permitted, then
there probably needs to be more information that can be fed into a processor so
it can derive its authorizations.
(Obviously there is more to privacy than personal user data, but you mentioned
GDPR…)
Indeed, this is probably not the group to invent the shape of the authorization
data...
Grüße, Carsten
___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
[netmod] GDPR and private data
Hello,
Netconf/Restconf can transfer a lot of data. Some of this data can be
personal/private like end-user names, personal phone records, street
addresses. Is there a way to marks such data as private? I am thinking about
something like putting a YANG extension in the data models:
extension private-data {
description
"Indicates that a leaf or leaf-list contains private data.
argument privacy-type;
}
Is there any standard solution for this or any proposal ? In the world of
GDPR we should be thinking about this.
Regards Balazs
--
Balazs LengyelSenior Specialist
Ericsson Hungary Ltd.
Mobile: +36-70-330-7909 email: balazs.leng...@ericsson.com
smime.p7s
Description: S/MIME cryptographic signature
___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
