Correcting data - GDPR review

XMLWordPrintable

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major
    • None
    • Environment:

      MMI

    • Hide

      There are a number of privacy issues connected to GDPR and similar legislation that the spec need to accommodate, but enforcement seem out of scope. Therefore, I suggest added the following, non-normative text to the introduction to the MMI, Section 7.1:

      There are two important aspects of managing personal data that impact on implementations, namely the 'right to be forgotten' and the 'right to correct erroneous data.' The former is addressed by the Forget Consumer operation, section 7.2.12. For the later, it is recommenced in section 8.2.2 that Atoms be stored with a Reliability of less than 100%, thus allowing for later updates and corrections. However, in the event of erroneous 100% Reliable Atoms and erroneous Segment Data, it is recommended that all data for the Consumer be downloaded by the Service Provider, the old Consumer Forgotten (section 7.2.12) and a new Consumer created with the corrected data and Atoms.

      Show
      There are a number of privacy issues connected to GDPR and similar legislation that the spec need to accommodate, but enforcement seem out of scope. Therefore, I suggest added the following, non-normative text to the introduction to the MMI, Section 7.1: There are two important aspects of managing personal data that impact on implementations, namely the 'right to be forgotten' and the 'right to correct erroneous data.' The former is addressed by the Forget Consumer operation, section 7.2.12. For the later, it is recommenced in section 8.2.2 that Atoms be stored with a Reliability of less than 100%, thus allowing for later updates and corrections. However, in the event of erroneous 100% Reliable Atoms and erroneous Segment Data, it is recommended that all data for the Consumer be downloaded by the Service Provider, the old Consumer Forgotten (section 7.2.12) and a new Consumer created with the corrected data and Atoms.
    • Hide

      Section added to 7.1.

      Show
      Section added to 7.1.

      GDPR requires the the ablity to correct data so I think privacy-by-design requires this to be baked into the standard. We discussed the ability to write a 100% certainty atom to make a correction but what if it is already 100% or we are correcting a correction?

      The other issue area is the segment data that cannot be added/changed after first registration. This is also an issue for people who move home countries.

            Assignee:
            David Snelling (Inactive)
            Reporter:
            josslangford
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: