IETF Logo Mail Archive

Re: [netmod] GDPR and private data

Balázs Lengyel <balazs.lengyel@ericsson.com> Wed, 26 May 2021 11:17 UTC

Return-Path: <balazs.lengyel@ericsson.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22E833A2ABA for <netmod@ietfa.amsl.com>; Wed, 26 May 2021 04:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DX4EN_UYfg1h for <netmod@ietfa.amsl.com>; Wed, 26 May 2021 04:17:17 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140079.outbound.protection.outlook.com [40.107.14.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECC743A2AB6 for <netmod@ietf.org>; Wed, 26 May 2021 04:17:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RxvKi2eOyrmzDucW35ntrRFZGNrkclPWc6kQtcVYSbwVWXZJjBeO/Gkbq4ZF92SswQzAdsDFAllHqpsgYWcwgO/iqiDaoSGZJS5R9F7tKdRKS5M8/J+Yns3EePxvdgaWTiLlOil1osYyj5watWa4aOLEGeYxtEukqF0ftUFf9YHvD8AAzvVGsP4mVyr7HVVbqfkoq8bcWyBkqm30BLSy31W4BrYfErLrAd848mr/n6XecH0AejbpALDl0wStTzZy5+YCkXZbynmkMdF5+vWHGYP8xqxYi+RmnDiq53IVSk7YX+vDlQvmjcXSVJUuaYiNJnn/hyoCRfs3X2HibScdpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=phOQqviRAFOSBIy/8VVuIphhBzURn4hPew+PYGYH9OA=; b=E2Ye0zZiAOdiNo3u0JCWAJdZisUajeICYYNiR1WkE8KSKJvY270PT9i8peGPhoEvxYZKtN0bnSzIAexqTphXNYftaf8cNxw1ssLxyP1c9i7AIAfDjuIMyQBaoo2V0yvk6Y4p58UgC5Wpe/ITRwL7FBbpBd2j5xs731vNs48ySPee85AWqJ684qLSzGm10i7/jIKy0KF/YRCLxM/lQyL4zhrcWqRnMlf5tAZfhprMd1Jtby4P/NTWh0rHa4R7PzWPF/ZTO/BxxhZ1icmTNvHX5mFOg1XYd8ZwdsMHtuWDVxReiVAy10l4EkbKe7ieP8GV0ajBozeGzdANQP6CoiqO5A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=phOQqviRAFOSBIy/8VVuIphhBzURn4hPew+PYGYH9OA=; b=GadtnMHBK8ePd9PbCOkXk0n0gRit1ipuoGtRRZQg0LHy0rIy9PcPigtmm39zX9iPD9h6kOxQGvQsh41UKc+8reamHqt2Drymp6OnWh6MGTOPD8ApwoupYKivUOV7ZE2SNi0GovRZZ54b8QzCWu6ply/GjdvFz2+EK21b6xaRnYM=
Received: from AM8PR07MB8230.eurprd07.prod.outlook.com (2603:10a6:20b:325::15) by AM8PR07MB8312.eurprd07.prod.outlook.com (2603:10a6:20b:32b::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.12; Wed, 26 May 2021 11:17:14 +0000
Received: from AM8PR07MB8230.eurprd07.prod.outlook.com ([fe80::d1ca:6b75:8fa4:8d2]) by AM8PR07MB8230.eurprd07.prod.outlook.com ([fe80::d1ca:6b75:8fa4:8d2%7]) with mapi id 15.20.4173.016; Wed, 26 May 2021 11:17:14 +0000
From: Balázs Lengyel <balazs.lengyel@ericsson.com>
To: Carsten Bormann <cabo@tzi.org>
CC: "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] GDPR and private data
Thread-Index: AddSEzTOzip54Q8HTXOu6w/TrUsOBQACjmSAAACh2iA=
Date: Wed, 26 May 2021 11:17:14 +0000
Message-ID: <AM8PR07MB8230357E277B3669E902807AF0249@AM8PR07MB8230.eurprd07.prod.outlook.com>
References: <AM8PR07MB8230C7C05FA2FDB5475234A2F0249@AM8PR07MB8230.eurprd07.prod.outlook.com> <D394016A-3957-4831-AA5F-3AA4A40A1B07@tzi.org>
In-Reply-To: <D394016A-3957-4831-AA5F-3AA4A40A1B07@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: tzi.org; dkim=none (message not signed) header.d=none;tzi.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [80.98.248.138]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: dca4e7cc-11eb-4197-4cbf-08d92037d088
x-ms-traffictypediagnostic: AM8PR07MB8312:
x-microsoft-antispam-prvs: <AM8PR07MB83124BF4543BAFBDBF68095AF0249@AM8PR07MB8312.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Kn/0EvY00k1M42+rFRch3PNUzHt0GBb3lkoASqU/x0QCLzhSNJafG6Bm9IGUTHFQzOh/etG1gLy+hB5RNfbbQpTza7uMZna/ym4j9CWCwR5fHXLTKjqmERaLjUOblgAStvI5TCx+lYOayJMIP0U+/+mQP9QwCoxky7VQeX9Dw7CKbgpFhrBCceNinC/kiYx9/j1kKKojcm26vHaG4+runZIZHzyJkx5o7t1cZk5O1n8MsOivDQuVJSNyyPI5cFHJRxRGFW/9mo1c1KK4Y9+QHRQYZ3cqjpnlUai2uk8FFRjFBYa9Jx/0fFFX8igQDvir/wNahOQgk0L+UgxkS7EZmVEQnZbK5KsOSj9Xss14N2Fo/N4VSu98+BOexWHLcP5M6Wq36VZrVH7qw9cJhG56897XWuu4vUKtmNQQTxjfmmfJ8avF7AG7bt1KK2boxCSJ4syl2vjWTOY6aqca4pp6QCq4XRC/nEcpF9+oZhGWJ9cBEofNEtaxctwll1cc2EfG6UDk80sc+O1ExI6AtyObq5K07fXBVonGDXWFMLrujmWbbUp1jPELinAK7QjXGIDLv2x7noxrPas6KJk6LUxZXioV4nX5O4HNfkyNFVeJvRg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM8PR07MB8230.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(376002)(366004)(346002)(39860400002)(2906002)(66946007)(66476007)(71200400001)(76116006)(7696005)(83380400001)(55016002)(66446008)(4326008)(9686003)(66574015)(66556008)(8936002)(316002)(6916009)(8676002)(186003)(99936003)(64756008)(66616009)(122000001)(85182001)(52536014)(26005)(85202003)(5660300002)(33656002)(478600001)(38100700002)(53546011)(86362001)(6506007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: j8WqfvIFYZh17YUIpOXQrzEhsC4eCQbisWu6Hqi0tF7jHrnBovVzI7GugkkbGdg3qVwBMzqgxwW3qmLrGnY08c3fAOnLndwVshIK0UAnm2h6pwmh0oH0gqFPFEzPltkA8m4Z/Ycms7ufeO0mcGzkMu4gfFbk2GXVrj25MlvXmSdwJCxBBlGa9i6gr9ZKcV2xZUC8k9Q47x+v/dPNlIol3RySLehfGEMNg7r4O3ZKzrxYa3hyq5OLPo7aPW6CEHbkNar7E5xR3wzXuZ61BR5GasHXRgCGshX1SmowmoNRzTpSOl3D8nEQAyAtiuxmMGID02kbe/PoUt2V4uhYFPBpY5WakreWVLyMbppT3Q3vEn/YWYLFmtwu54b9Ve9yWzhWMze07N6vUBgKobvY/YUgL8lXJys919s5BHQV6SILLCgcZI3jlE70wHj28cjqIhMEu+Ka7vX3o/bIdxFo/Rb/s8sVqnDmGAyaD3YoWVgrhj0SDhETWOQ/7bwS6vHBeozZv2VerKusfCOWsD5h51N8Y3lcWmTE2u0OT8cbNe/DI4FxuNxJzMFGubNS0rItFxzYFATfYeu98E+LduvS+8puf/OasM2pijxRqIYo6qZ1fstH2NF5tpL8sxM7q86AcmhvtwV0BE+GDq1+7Xu7K1VqndrCR+K/ntFlZU48mcwTrOJCDit1gWamSDofRvZ97+EKAI6BCoA2M3A6pXFZYpnzfvAwfv5kB50shoE3tBcZ6lZ8P05c46s0Xzd4Aryu2PjTFS1UfhEFst2kjDOKqkuzNouu7Re2b08Mqgu60fXYchq0/CA+PZ09SH3gq+/RuFoKXFRgRUUdRmawzWpBhn16OJ8aNjzXRLhSi6S/Lt9KEBG37pkyFkAy4mtPhAq2LfqV/H2M6X3XbonXBfyg9J/CohwtwmK+ElxAHmoLm39Ugm7x3nK10rcaSJ3kTjZRAy2ZzAj/ob95Q1v7BEgfRqi/1EcOxgoZ5nZdy5clmZjKmsMLLhJ25ip4QWm31FH/PlhHWblIwfWubQ6lnqSG/jJ44lkaSSgtHcAE5+A0LdbIm5ARDJ7TSgr6l7/BYtGKAmcuBJTXwnac/GCJwudKDDRsRay4bIBUmJjPAAhacEshWdm9gRdMSvu/qYqDDdPUDgphKDjpvuGUwGAHLQCzVB5FDfzuBZcdasatD1gUzaLN+/DJkgGsj3SufMUki+zJz5GZPdSdIiAzCZoJ1+5Qy7IsnlHld07tvZ2cJKwly56s81uU8Aj2MZlyKVQPeFocKK4inmOGKip2p17My1vp4BoOU5UVykU9KJ57K5cTSnEzWAdzkbl/LmfHgF+QYe2ICZJy
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_00A3_01D75231.70CBAB70"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM8PR07MB8230.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dca4e7cc-11eb-4197-4cbf-08d92037d088
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 May 2021 11:17:14.2483 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: OS35GtpPcB0BAH63iaWqWJoGCmXreDLI8IqBBBmKmCkW902Zkm3JBeU7iDAVW6lHJsRrHJ1xx/KeO/h5Z0SqYgcf0e0oQNNFO7RmjiFSt4A=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR07MB8312
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/2QEmzVONeBpxiZz4yMkjXh9RJaY>
Subject: Re: [netmod] GDPR and private data
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 11:17:22 -0000

Hello Carsten,
As I see we need a way to mark some data (schema nodes) as personal data. I am looking for such a mechanism. Do you see the need for that too?
The goal is to allow special handling for such data.
- Leaf aaa is general data it can be log and stored forever
- Leaf bbb is marked as personal data. It should be processed differently e.g. 
      -- not logged 
      --logged separately, and these logs must not be retained indefinitely
      -- anonymized during logging. 
      -- Shown or not on the CLI
Regards Balazs

-----Original Message-----
From: Carsten Bormann <cabo@tzi.org> 
Sent: 2021. május 26., szerda 12:54
To: Balázs Lengyel <balazs.lengyel@ericsson.com>
Cc: netmod@ietf.org
Subject: Re: [netmod] GDPR and private data

On 2021-05-26, at 11:49, Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Hello,
> Netconf/Restconf can transfer a lot of data. Some of this data can be personal/private like end-user names, personal phone records, street addresses. Is there a way to marks such data as private? I am thinking about something like putting a YANG extension in the data models:
>  
> extension private-data {
>     description
>       "Indicates that a leaf or leaf-list contains private data.
>     argument privacy-type;
>   }
>  
> Is there any standard solution for this or any proposal ? In the world of GDPR we should be thinking about this.

If the objective is to prevent processing these data at all, then maybe they should not be sent in the first place.

If the objective is to specify what processing of these data is permitted, then there probably needs to be more information that can be fed into a processor so it can derive its authorizations.
(Obviously there is more to privacy than personal user data, but you mentioned GDPR…)

Indeed, this is probably not the group to invent the shape of the authorization data...

Grüße, Carsten

v2.23.0 | Report a Bug | By Email