Automotive data task force call

21 Mar 2019


Armin, Benjamin, Ted, Glenn, Harjot


Ted: apologies for not sending reminder and with daylight savings it will probably just be us

LPL update

Armin: I have been working on confirming that LPL conforms to GDPR
... we have worked on anonymization, pseudonymization and privacy models and workflow for these elements
... the sampling problem could be expressed similarly
... my idea is we might collect some sampling methodologies and derive a common data model for it
... for each data+purpose we can define sampling that was applied
... some data is aggregated for example
... I have been thinking about the access control parts based on your (Ted) and my conversation on how to apply within vehicle on Linux head unit
... handling who can use the data, we can accommodate without modifying LPL
... we can have different services defined with different recipients
... the research I'm doing also includes the UI part
... we are using real data privacy policies and so far it is working out. LPL requirements are being built out
... we can do this in a web interface and created a library in JSP
... next goal would be to write down some of the new requirements coming from the group and show you how I would integrate them into LPL

Ted missed part, asks for clarification

Armin: pseudonymization is replacing name with a token
... unsure if there are some privacy descriptions we can analyze better

Ted: we can reach out to our OEMs as they probably have some even publicly available

Armin: the public ones are a bit vague, we would want the more internally used ones

Glenn: we have identified some streams of use cases that would be preselected for example, e.g. the driver might authorize a garage to have some data access
... there may be new cases to evolve over time and wonder how we can handle them

Armin: there will be two cases we would need to look at
... one would require full consent and purpose would need to be defined, added to the policy and user would need to be notified and asked to provide consent
... asking them for additional consent does not have to be integrated within policy language framework, it could be handled out of bounds over email for example
... the other would be a new use case that is part of an existing model, a sub-use case...
... LPL has the functionality to layer policies, you would define this subpurpose and if the user agreed to the higher purpose the consent will convey over

Glenn: in automotive application environment, I am unsure how that would be handled

Armin: you can trust a notification on the app itself. Within an infotainment system you would present the user with the new purpose you want them to consent to

Ted: a third party application when installed on the car would explain data usage and prompt owner/operator to provide consent

Glenn: can LPL accommodate this?

Benjamin: we need concrete examples even if with fake data on how we create, update and manage the consent

Ted: I have a question on my new vocabulary word pseudonymization, how does GDPR apply with this since it is non-attributable to an individual?

Armin: you do this by having a mapping of the token and the original identifier, the trusted person can be reidentified and assert their rights
... you can also destroy the data about that identity

Ted: GDPR presumably doesn't provide revocation for anonymized data, does it for pseudonymized?

Armin: there are no revocation requirements on anonymized data, pseudonymization is still connectible based on this mapping so rights and claims still apply

Ted: we should see if one of our OEM would consider providing us with a more detailed policy to play with LPL


Workshop scope thoughts

Ted provides a rambling overview on workshops at W3C, program committee, timeframe (September), reviews potential scope which includes topics this task force has been exploring, requests feedback, suggestions on who to engage and how people can participate

Ted: goal of the workshop would be to see if there is interest in forming a new Working Group on Transportation Data. Some of the issues we have been exploring would make sense there while this task force would likely continue to convene on automotive centric aspects

Glenn: Dr. Dan Massey from University of Colorado and I spoke and he is interested and will follow up by email
... there is a great deal of interest on intermodal trip profiles from SmartCities and it might be useful for looping in smart phones for that data, CCC

Ted: very open to collaboration and avoiding competing efforts in favor of ones that could complement
... it has been some time since I have spoken with anyone from CCC
... forget the earlier topic (see F2F minutes?) but recall Patrick who used to be involved with them reached out to see if it was just a problem statement or work actually taking place and it was the former at the time

Glenn: context they came up in was with Irdeto (former W3C member as well but not involved in Automotive) who is a member of CCC but unsure if it has progressed
... we have a street scooter project, in addition to other vehicles, and might be able to come up with use cases for intermodal trips
... there is no attachment of individuals as they move from one mode of transportation to another

Ted: this has me thinking back to Armin's pseudonymization tokens. That identifier can potentially be shared with other data collection services along with consent to cross reference

Armin: you would need some trusted partner to handle the mapping

Ted: what if I as the user get the token back myself and am then able to provide consent to another party to be able to deem it their identifier with additional parties either for storing information or dereferencing it?

Armin: that is a possibility...

Glenn: that would make sense especially with a smart phone

action Ted to reach out to OEM for policy

Next steps:

Armin: please put me on the mailing list for this workshop as I'm interested from privacy part

Ted: will do, I have list name in mind but haven't created it yet nor scheduled the next brainstorming session

