Merge pull request #97 from circlsupportuser/master

Add two taxonomies related to data protection, specifically in the scope of GDPR
2018-05-02 17:43:23 +02:00 · 2018-05-02 17:43:23 +02:00 · 7ddad0aead
parent 132b8baf74 a8619b240d
commit 7ddad0aead
2 changed files with 154 additions and 0 deletions
--- a/fpf/machinetag.json
+++ b/fpf/machinetag.json
@ -0,0 +1,99 @@
+{
+  "namespace": "fpf",
+  "description": "The Future of Privacy Forum (FPF) [visual guide to practical de-identification](https://fpf.org/2016/04/25/a-visual-guide-to-practical-data-de-identification/) taxonomy is used to evaluate the degree of identifiability of personal data and the types of pseudonymous data, de-identified data and anonymous data. The work of FPF is licensed under a creative commons attribution 4.0 international license.",
+  "version": 0,
+  "predicates": [
+    {
+      "value": "degrees-of-identifiability",
+      "expanded": "Degrees of identifiability",
+      "description": "Information containing direct and indirect identifiers."
+    },
+    {
+      "value": "pseudonymous-data",
+      "expanded": "Pseudonymous Data",
+      "description": "Information from which direct identifiers have been eliminated or transformed, but indirect entifiers remain intact."
+    },
+    {
+      "value": "de-identified-data",
+      "expanded": "De-identified data",
+      "description": "Direct and known indirect identifiers have been removed or manipulated to break the linkage to real world identities."
+    },
+    {
+      "value": "anonymous-data",
+      "expanded": "Anonymous data",
+      "description": "Direct and indirect identifiers have en removed or manipulated together with mathematical and technical guarantees to prevent re-identification."
+    }
+  ],
+  "values": [
+    {
+      "predicate": "degrees-of-identifiability",
+      "entry": [
+        {
+          "value": "explicitly-personal",
+          "expanded": "Explicitly personal",
+          "description": "Name, address, phone number, SSN, government-issued ID (e.g., Jane Smith, 123 Main Street, 555-555-5555)"
+        },
+        {
+          "value": "potentially-identifiable",
+          "expanded": "Potentially identifiable",
+          "description": "Unique device ID, license plate, medical record number, cookie, IP address (e.g., MAC address 68:A8:6D:35:65:03)"
+        },
+        {
+          "value": "not-readily-identifiable",
+          "expanded": "Not readily identifiable",
+          "description": "Same as Potentially Identifiable except data are also protected by safeguards and controls (e.g., hashed MAC addresses & legal representations)"
+        }
+      ]
+    },
+    {
+      "predicate": "pseudonymous-data",
+      "entry": [
+        {
+          "value": "key-coded",
+          "expanded": "Key coded",
+          "description": "Clinical or research datasets where only curator retains key (e.g., Jane Smith, diabetes, HgB 15.1 g/dl = Csrk123)"
+        },
+        {
+          "value": "pseudonymous",
+          "expanded": "Pseudonymous",
+          "description": "Unique, artificial pseudonyms replace direct identifiers (e.g., HIPAA Limited Datasets, John Doe = 5L7T LX619Z) (unique sequence not used anywhere else)"
+        },
+        {
+          "value": "protected-pseudonymous",
+          "expanded": "Protected pseudonymous",
+          "description": "Same as Pseudonymous, except data are also protected by safeguards and controls"
+        }
+      ]
+    },
+    {
+      "predicate": "de-identified-data",
+      "entry": [
+        {
+          "value": "de-identified",
+          "expanded": "De-identified",
+          "description": "Data are suppressed, generalized, perturbed, swapped, etc. (e.g., GPA: 3.2 = 3.0-3.5, gender: female = gender: male)"
+        },
+        {
+          "value": "protected-de-identified",
+          "expanded": "Protected de-identified",
+          "description": "Same as De-Identified, except data are also protected by safeguards and controls"
+        }
+      ]
+    },
+    {
+      "predicate": "anonymous-data",
+      "entry": [
+        {
+          "value": "anonymous",
+          "expanded": "Anonymous",
+          "description": "For example, noise is calibrated to a data set to hide whether an individual is present or not (differential privacy)"
+        },
+        {
+          "value": "aggregated-anonymous",
+          "expanded": "Aggregated anonymous",
+          "description": "Very highly aggregated data (e.g., statistical data, census data, or population data that 52.6% of Washington, DC residents are women)"
+        }
+      ]
+    }
+  ]
+}
--- a/gdpr/machinetag.json
+++ b/gdpr/machinetag.json
@ -0,0 +1,55 @@
+{
+  "namespace": "gdpr",
+  "description": "Taxonomy related to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)",
+  "version": 0,
+  "predicates": [
+    {
+      "value": "special-categories",
+      "expanded": "Special Categories",
+      "description": "Special categories of personal data, refer to Art. 9 of the GDPR"
+    }
+  ],
+  "values": [
+    {
+      "predicate": "special-categories",
+      "entry": [
+        {
+          "value": "racial-or-ethnic-origin",
+          "expanded": "Racial or ethnic origin"
+        },
+        {
+          "value": "political-opinions",
+          "expanded": "Political opinions"
+        },
+        {
+          "value": "religious-or-philosophical-beliefs",
+          "expanded": "Religious or philosophical beliefs"
+        },
+        {
+          "value": "trade-union-membership",
+          "expanded": "Trade union membership"
+        },
+        {
+          "value": "genetic-data",
+          "expanded": "Genetic data",
+          "description": "Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question."
+        },
+        {
+          "value": "biometric-data",
+          "expanded": "Biometric data",
+          "description": "Biometric data for the purpose of uniquely identifying a natural person. Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data."
+        },
+        {
+          "value": "health",
+          "expanded": "Health",
+          "description": "Data concerning health. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status."
+        },
+        {
+          "value": "sex-life-or-sexual-orientation",
+          "expanded": "Sex life or sexual orientation",
+          "description": "Data concerning a natural person's sex life or sexual orientation"
+        }
+      ]
+    }
+  ]
+}