From 9f8c68bb412b583d46dfd3d03ec540560f8b0020 Mon Sep 17 00:00:00 2001 From: circlsupportuser Date: Wed, 2 May 2018 17:10:19 +0200 Subject: [PATCH 1/2] Add taxonomy to classify special categories of personal data as defined in the GDPR --- gdpr/machinetag.json | 55 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 gdpr/machinetag.json diff --git a/gdpr/machinetag.json b/gdpr/machinetag.json new file mode 100644 index 0000000..2c45ec7 --- /dev/null +++ b/gdpr/machinetag.json @@ -0,0 +1,55 @@ +{ + "namespace": "gdpr", + "description": "Taxonomy related to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)", + "version": 0, + "predicates": [ + { + "value": "special-categories", + "expanded": "Special Categories", + "description": "Special categories of personal data, refer to Art. 9 of the GDPR" + } + ], + "values": [ + { + "predicate": "special-categories", + "entry": [ + { + "value": "racial-or-ethnic-origin", + "expanded": "Racial or ethnic origin" + }, + { + "value": "political-opinions", + "expanded": "Political opinions" + }, + { + "value": "religious-or-philosophical-beliefs", + "expanded": "Religious or philosophical beliefs" + }, + { + "value": "trade-union-membership", + "expanded": "Trade union membership" + }, + { + "value": "genetic-data", + "expanded": "Genetic data", + "description": "Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question." + }, + { + "value": "biometric-data", + "expanded": "Biometric data", + "description": "Biometric data for the purpose of uniquely identifying a natural person. Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data." + }, + { + "value": "health", + "expanded": "Health", + "description": "Data concerning health. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status." + }, + { + "value": "sex-life-or-sexual-orientation", + "expanded": "Sex life or sexual orientation", + "description": "Data concerning a natural person's sex life or sexual orientation" + } + ] + } + ] +} From a8619b240d68b0ebb0667e6b7779580019c773c9 Mon Sep 17 00:00:00 2001 From: circlsupportuser Date: Wed, 2 May 2018 17:11:31 +0200 Subject: [PATCH 2/2] Add taxonomy to classify the degree of identifiability of personal data --- fpf/machinetag.json | 99 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 fpf/machinetag.json diff --git a/fpf/machinetag.json b/fpf/machinetag.json new file mode 100644 index 0000000..d1c53d8 --- /dev/null +++ b/fpf/machinetag.json @@ -0,0 +1,99 @@ +{ + "namespace": "fpf", + "description": "The Future of Privacy Forum (FPF) [visual guide to practical de-identification](https://fpf.org/2016/04/25/a-visual-guide-to-practical-data-de-identification/) taxonomy is used to evaluate the degree of identifiability of personal data and the types of pseudonymous data, de-identified data and anonymous data. The work of FPF is licensed under a creative commons attribution 4.0 international license.", + "version": 0, + "predicates": [ + { + "value": "degrees-of-identifiability", + "expanded": "Degrees of identifiability", + "description": "Information containing direct and indirect identifiers." + }, + { + "value": "pseudonymous-data", + "expanded": "Pseudonymous Data", + "description": "Information from which direct identifiers have been eliminated or transformed, but indirect entifiers remain intact." + }, + { + "value": "de-identified-data", + "expanded": "De-identified data", + "description": "Direct and known indirect identifiers have been removed or manipulated to break the linkage to real world identities." + }, + { + "value": "anonymous-data", + "expanded": "Anonymous data", + "description": "Direct and indirect identifiers have en removed or manipulated together with mathematical and technical guarantees to prevent re-identification." + } + ], + "values": [ + { + "predicate": "degrees-of-identifiability", + "entry": [ + { + "value": "explicitly-personal", + "expanded": "Explicitly personal", + "description": "Name, address, phone number, SSN, government-issued ID (e.g., Jane Smith, 123 Main Street, 555-555-5555)" + }, + { + "value": "potentially-identifiable", + "expanded": "Potentially identifiable", + "description": "Unique device ID, license plate, medical record number, cookie, IP address (e.g., MAC address 68:A8:6D:35:65:03)" + }, + { + "value": "not-readily-identifiable", + "expanded": "Not readily identifiable", + "description": "Same as Potentially Identifiable except data are also protected by safeguards and controls (e.g., hashed MAC addresses & legal representations)" + } + ] + }, + { + "predicate": "pseudonymous-data", + "entry": [ + { + "value": "key-coded", + "expanded": "Key coded", + "description": "Clinical or research datasets where only curator retains key (e.g., Jane Smith, diabetes, HgB 15.1 g/dl = Csrk123)" + }, + { + "value": "pseudonymous", + "expanded": "Pseudonymous", + "description": "Unique, artificial pseudonyms replace direct identifiers (e.g., HIPAA Limited Datasets, John Doe = 5L7T LX619Z) (unique sequence not used anywhere else)" + }, + { + "value": "protected-pseudonymous", + "expanded": "Protected pseudonymous", + "description": "Same as Pseudonymous, except data are also protected by safeguards and controls" + } + ] + }, + { + "predicate": "de-identified-data", + "entry": [ + { + "value": "de-identified", + "expanded": "De-identified", + "description": "Data are suppressed, generalized, perturbed, swapped, etc. (e.g., GPA: 3.2 = 3.0-3.5, gender: female = gender: male)" + }, + { + "value": "protected-de-identified", + "expanded": "Protected de-identified", + "description": "Same as De-Identified, except data are also protected by safeguards and controls" + } + ] + }, + { + "predicate": "anonymous-data", + "entry": [ + { + "value": "anonymous", + "expanded": "Anonymous", + "description": "For example, noise is calibrated to a data set to hide whether an individual is present or not (differential privacy)" + }, + { + "value": "aggregated-anonymous", + "expanded": "Aggregated anonymous", + "description": "Very highly aggregated data (e.g., statistical data, census data, or population data that 52.6% of Washington, DC residents are women)" + } + ] + } + ] +}