W3C

- DRAFT -

Automotive data task force Teleconference

28 Jun 2018

Attendees

Present
Harjot, Glenn, Benjamin, Ted, Marty, Dominik
Regrets
Chair
Glenn, Benjamin
Scribe
Ted

Contents


Infoshare

Ted: please share with the group any pertinent explorations you are undertaking

Dominik: Glenn shared his fleet management consent with us

fleet consent

Dominik shares screen

Data Provider | Neutral Server | Data Consumer / Service Provider | Registered Keeper / Customer

Dominik: I have started to include the fleet manager use case in addition to the one we have been descibing previously
... there is a third use case - this example is for a rental company that can provide consumer (and third parties) a ride log
... there will be a legal agreement captured by the rental company

Glenn: that looks like the use cases to explore
... we are a data processor and consent is required from the customer, the fleet manager. it is up to them to get permission from their employees
... we capture it in an EULA with the fleet manager
... it is a limited construct and very similar to your middle use case. your third one (for rental) is potentially pertinent when the drivers are independent contractors instead of employees

Ted: receiving some early pointers on potential work we may want to leverage, eg ODRL vocabulary for consent capture and PROV for data contracts
... I will be speaking to Ivan Herman, the W3C Team Contact for ORDL, tomorrow
... Glenn and I are reaching out to people in heavy vehicles to get their take on VSS (VISS/RSI) feasibility for their signals and Electronic Data Logging (ELD, us regulator requirement for fleets)
... spoke with John Schneider from Agile Delta who contributed significantly to Efficient XML Interchange (EXI) about his experiences using it to increase efficiency and reduce bandwidth on data transmission
... although we deemed transmission out of scope for now it is still worth learning more and he will be presenting at an upcoming call plus reaching out to his OEM contacts about this activity
... continuing talks with some OEM interested in this activity and need to reach out to a few we have communicated with around ISO Extended Vehicle work

PROV dictionary

ODRL vocab

EXI

Consent use cases

Glenn: there are three main actors data producer, the fleet owner and data processor
... the processor acts on behalf of the controller and up to them to get consent from the data subject (driver)
... it can either be an employee which is more straight forward or contractor
... we cover this with our EULA and cover all the intended uses of the data, enumerating what information is collected

fleet consent

Glenn: we do not believe the data is owned but used and can be redistributed provided consent was given
... there are a couple other nuances in the note. it is simplified when just looking at the fleet compared to the more complex of the Caruso/Fraunhofer
... should any questions come up subsequent to this meeting, please feel free

Ted: it can get more complicated though with fleet managers leasing vehicles and bringing in contractors on a short term basis in addition to owned vehicles and employed drivers

Glenn: as a data processor it is not our responsibility to get the consent but up to the controller to get it
... however the leasing company collects consent is up to the controller

Dominik: there are more complex scenarios as Ted described that adds indirections that we need to handle
... how that consent gets shared among the different players is what Caruso/Fraunhofer are working on
... in Geotab's case they have an assertion on behalf of the controller that they have permission

Glenn: agree with what you said

Ted: it can get more complicated though with fleet managers leasing vehicles and bringing in contractors on a short term basis in addition to owned vehicles and employed drivers

Glenn: not sure, those differences may already be included

Dominik: data provider had data and we consider it owned by the driver and data consumer is providing a service to the driver that warrants access to the information
... you can always reduce to the three models on that slide and can handle multiple consumers

Ted: we may want to capture consent from multiple parties, fleet manager and contracted driver, since they may wish to share different subsets of information with different third parties, eg contractor with his insurance provider

Glenn: it would be a useful excercise to collect use cases and ensure all the edge cases are covered

Ted: I'll start the consent use case wiki

Glenn: I suggest having a table with the different actors
... on the issue of data ownership, I can give my view
... information about you is not something you own but do retain control from a privacy perspective
... there is an aspect of control but property rights do not apply in our opinion
... GDPR and laws elsewhere require consent for PII

Infoshare

Data Contract

Glenn: we had a discussion within an internal group on the constructs of data contracts. Harjot and I can start a document to represent that and would like guidance on format the group would find useful

Ted: verbose description of the various aspects would be helpful. I'll share a link on PROV

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/06/28 17:08:46 $