Hello Carsten,
As I see we need a way to mark some data (schema nodes) as personal data. I am
looking for such a mechanism. Do you see the need for that too?
The goal is to allow special handling for such data.
- Leaf aaa is general data it can be log and stored forever
- Leaf bbb is marked as personal data. It should be processed differently e.g.
-- not logged
--logged separately, and these logs must not be retained indefinitely
-- anonymized during logging.
-- Shown or not on the CLI
Regards Balazs
-----Original Message-----
From: Carsten Bormann <c...@tzi.org>
Sent: 2021. május 26., szerda 12:54
To: Balázs Lengyel <balazs.leng...@ericsson.com>
Cc: netmod@ietf.org
Subject: Re: [netmod] GDPR and private data
On 2021-05-26, at 11:49, Balázs Lengyel
<balazs.lengyel=40ericsson....@dmarc.ietf.org> wrote:
>
> Hello,
> Netconf/Restconf can transfer a lot of data. Some of this data can be
> personal/private like end-user names, personal phone records, street
> addresses. Is there a way to marks such data as private? I am thinking about
> something like putting a YANG extension in the data models:
>
> extension private-data {
> description
> "Indicates that a leaf or leaf-list contains private data.
> argument privacy-type;
> }
>
> Is there any standard solution for this or any proposal ? In the world of
> GDPR we should be thinking about this.
If the objective is to prevent processing these data at all, then maybe they
should not be sent in the first place.
If the objective is to specify what processing of these data is permitted, then
there probably needs to be more information that can be fed into a processor so
it can derive its authorizations.
(Obviously there is more to privacy than personal user data, but you mentioned
GDPR…)
Indeed, this is probably not the group to invent the shape of the authorization
data...
Grüße, Carsten
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
