IETF Logo Mail Archive

Re: [netmod] GDPR and private data

Carsten Bormann <cabo@tzi.org> Wed, 26 May 2021 10:54 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A2A73A2A33 for <netmod@ietfa.amsl.com>; Wed, 26 May 2021 03:54:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_FAIL=0.001, SPF_HELO_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6BcNEzwyY-3Y for <netmod@ietfa.amsl.com>; Wed, 26 May 2021 03:54:01 -0700 (PDT)
Received: from gabriel-2.zfn.uni-bremen.de (gabriel-2.zfn.uni-bremen.de [IPv6:2001:638:708:32::19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B95B3A2A32 for <netmod@ietf.org>; Wed, 26 May 2021 03:54:01 -0700 (PDT)
Received: from [192.168.217.118] (p548dcc89.dip0.t-ipconnect.de [84.141.204.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Fqnr751N8z316k; Wed, 26 May 2021 12:53:59 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AM8PR07MB8230C7C05FA2FDB5475234A2F0249@AM8PR07MB8230.eurprd07.prod.outlook.com>
Date: Wed, 26 May 2021 12:53:59 +0200
Cc: "netmod@ietf.org" <netmod@ietf.org>
X-Mao-Original-Outgoing-Id: 643719239.387962-89e3cc18c3b036857088fe8a74e1d072
Content-Transfer-Encoding: quoted-printable
Message-Id: <D394016A-3957-4831-AA5F-3AA4A40A1B07@tzi.org>
References: <AM8PR07MB8230C7C05FA2FDB5475234A2F0249@AM8PR07MB8230.eurprd07.prod.outlook.com>
To: Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/D_9TjyjI1KPXnIgVBKqkTiYtWzA>
Subject: Re: [netmod] GDPR and private data
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 10:54:03 -0000

On 2021-05-26, at 11:49, Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Hello,
> Netconf/Restconf can transfer a lot of data. Some of this data can be personal/private like end-user names, personal phone records, street addresses. Is there a way to marks such data as private? I am thinking about something like putting a YANG extension in the data models:
>  
> extension private-data {
>     description
>       "Indicates that a leaf or leaf-list contains private data.
>     argument privacy-type;
>   }
>  
> Is there any standard solution for this or any proposal ? In the world of GDPR we should be thinking about this.

If the objective is to prevent processing these data at all, then maybe they should not be sent in the first place.

If the objective is to specify what processing of these data is permitted, then there probably needs to be more information that can be fed into a processor so it can derive its authorizations.
(Obviously there is more to privacy than personal user data, but you mentioned GDPR…)

Indeed, this is probably not the group to invent the shape of the authorization data...

Grüße, Carsten

v2.23.0 | Report a Bug | By Email