15,627
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: + + + − == Interesting queries ==+ − * [{{SPARQLEmbed|query= − #defaultView:Graph − SELECT ?item ?itemLabel ?_image WHERE { − ?item pdiot:P28 pdio:Q370. − SERVICE wikibase:label { − bd:serviceParam wikibase:language "en" . − } − OPTIONAL { ?item pdiot:P47 ?_image. } − } − LIMIT 100 − }} adtech mess] − * [https://query.personaldata.io/index.html#PREFIX%20pdio%3A%20%3Chttp%3A%2F%2Fwiki.personaldata.io%2Fentity%2F%3E%0APREFIX%20pdiot%3A%20%3Chttp%3A%2F%2Fwiki.personaldata.io%2Fprop%2Fdirect%2F%3E%0A%0ASELECT%20%3Fitem%20%3Flabel%20%3F_image%20WHERE%20%7B%0A%20%20%3Fitem%20pdiot%3AP3%20pdio:Q33.%0A%20%20SERVICE%20wikibase%3Alabel%20%7B%0A%20%20%20%20bd%3AserviceParam%20wikibase%3Alanguage%20%22en%22%20.%20%0A%20%20%20%20%3Fitem%20rdfs%3Alabel%20%3Flabel%0A%20%20%7D%0A%20%20%0AOPTIONAL%20%7B%20%3Fitem%20pdiot%3AP47%20%3F_image.%20%7D%0A%7D%0ALIMIT%20100 datasets about the adtech ecosystem] + − * [http://query.personaldata.io/embed.html#PREFIX%20pdio%3A%20%3Chttp%3A%2F%2Fwiki.personaldata.io%2Fentity%2F%3E%0APREFIX%20pdiot%3A%20%3Chttp%3A%2F%2Fwiki.personaldata.io%2Fprop%2Fdirect%2F%3E%0APREFIX%20pdiop%3A%20%3Chttp%3A%2F%2Fwiki.personaldata.io%2Fprop%2F%3E%0APREFIX%20pdiops%3A%20%3Chttp%3A%2F%2Fwiki.personaldata.io%2Fprop%2Fstatement%2F%3E%0APREFIX%20pdiopq%3A%20%3Chttp%3A%2F%2Fwiki.personaldata.io%2Fprop%2Fqualifier%2F%3E%0A%23defaultView%3AGraph%0ASELECT%20%20%3Fobject%20%3FobjectLabel%20%3Frgb%20%3Fsubject%20%3FsubjectLabel%20%0AWHERE%20%7B%0A%20%20VALUES%20%28%3Fobject%20%3Frgb%29%7B%0A%20%20%20%20%20%20%20%28pdio%3AQ110%20%22FF0000%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ495%20%2200FF00%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ559%20%220000FF%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ153%20%22333333%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ491%20%22888800%22%29%20%20%0A%20%20%20%20%20%20%20%28pdio%3AQ807%20%22008888%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ492%20%22880088%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ498%20%22440000%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ810%20%22004400%22%29%0A%20%20%20%20%20%20%20%28pdio%3AQ556%20%22000044%22%29%0A%20%20%20%20%7D%0A%20%20VALUES%20%3Fpredicate%20%7B%0A%20%20%20%20%20%20%20pdiot%3AP3%0A%20%20%20%20%20%20%20pdiot%3AP28%0A%20%20%20%20%7D%20%0A%20%20%3Fsubject%20%3Fpredicate%20%3Fobject%0A%20%20SERVICE%20wikibase%3Alabel%20%7B%0A%20%20%20%20bd%3AserviceParam%20wikibase%3Alanguage%20%22en%22%20.%20%0A%20%20%7D%0A%7D%0ALIMIT%2010000 Lumascape] − == Observation on right of access ==+ + + + + + + − === Preliminary remark ===+ − GDPR Art. 15 (Right of Access)+ − 1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:+ − * the purposes of the processing;+ − * the categories of personal data concerned;+ − * the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;+ − * where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;+ − * the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;+ − * the right to lodge a complaint with a supervisory authority;+ − * where the personal data are not collected from the data subject, any available information as to their source;+ − * the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.+ − 2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer. + − 3. The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.+ − 4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.+ + + + + + + + + + + + + − + − OpenWPM has split up into a testbed for mass crawling, and a web extension which is separate (currently used in a second project, for mass reporting to Mozilla).+ − + − + − Someone should suggest to schema.org to add GDPR related terms (like "data controller", "access request email endpoint", etc).+ + Line 53:
Line 63: − * [[Addressing_adtech/Guardian|An example request]], generated directly from {{Q|855}}. Line 87:
Line 96: − + − + + Line 98:
Line 108: + + + + + + + + + + − + + + + + + + + + + + + + + + + + + + + + + + + + + Line 114:
Line 159: − + − + − SELECT ?item ?label ?_image WHERE { − ?item pdiot:P3 pdio:Q110. − SERVICE wikibase:label { − bd:serviceParam wikibase:language "en" . − ?item rdfs:label ?label − } − OPTIONAL { ?item pdiot:P47 ?_image. } − } − LIMIT 100}} adtech companies] − * [{{SPARQLEmbed|query= − SELECT ?item ?label ?_image WHERE { − ?item pdiot:P3 pdio:Q495. − SERVICE wikibase:label { − bd:serviceParam wikibase:language "en" . − ?item rdfs:label ?label − } − OPTIONAL { ?item pdiot:P47 ?_image. } − } − LIMIT 100}} data management platforms] − * [{{SPARQLEmbed|query= − SELECT ?item ?label ?_image WHERE { − ?item pdiot:P3 pdio:Q559. − SERVICE wikibase:label { − bd:serviceParam wikibase:language "en" . − ?item rdfs:label ?label − } − OPTIONAL { ?item pdiot:P47 ?_image. } − } − LIMIT 100}} identity resolution services] − *[{{SPARQLEmbed|query={{SPARQLPredicateGraph − |filter_values_colors=(pdio:Q110 "EEEEEE")(pdio:Q495 "222288")(pdio:Q559 "8822222") − |predicate=pdiot:P3 − |predicates_subjects_objects_colors=(pdiot:P111 pdio:Q495 pdio:Q559 "EEEEEE")(pdiot:P111 pdio:Q495 pdio:Q559 "222288") − |legend=true − }}}} actors]
no edit summary
= Overall strategy =
== Philosophy ==
The right of access is a tool to provide accountability for profiling, beyond challenging consent or legal basis. It is actually complementary.
The right of access allows to probe the entire ecosystem, strategically. Using this strategy requires to blend knowledge of law and technology.
== Strategy ==
* [https://lumapartners.com/wp-content/uploads/2017/01/2y103ITnIXmg2.lPu6ncZsis.wcn8DVuYIUfyLrC9cdQiWUhfOdDLq6-1024x768.png "historic" Lumascape picture]
* [https://lumapartners.com/wp-content/uploads/2017/01/2y103ITnIXmg2.lPu6ncZsis.wcn8DVuYIUfyLrC9cdQiWUhfOdDLq6-1024x768.png "historic" Lumascape picture]
* Ignore the average end user. Focus on investigator, who is a blend of:
** legal scholar;
** tech auditor;
** strategic litigation NGO;
** educator;
** data protection authority confidante;
** journalist (for amplification).
It is a technical and human, but secondary, problem to break the one-brain barrier within civil society -- does require to overcome traditional barriers, like attribution (but Open Science strategies can mitigate).
* Build up reliable facts separately in the technical and legal domains.
* Work (hard) to reconcile the two, and refine the reconciliation by iteration.
== Key factors ==
Increase utility of information obtained through SARs in order to further the goals of people here.
* Knowing flows of data from a technological standpoint (but: limited auditing capacity, we are partly blind);
* Knowing purposes for each data processing operation, including transfers;
* Knowing the legal positioning of the services, including over each data transfer (data controller vs data processor);
* Knowing to whom the user is identifiable, and how (including if more information is provided).
== Tactics ==
* Classify services, based on business presentations. Enter at each step of the process through access requests.
* Same service can exist at all scales, attack all of them
* Filing a SAR is cheap, but takes time. Make it easier (schema.org lobbying, for instance --> Art 40.2.f).
* Carpet bombing is A-OK, at high frequency (reducing time lag for responses).
* Makes it easy to comply with access requests (standards, such as openGDPR)
= The landscape =
== Datasets about the adtech ecosystem ==
* [[WebXray domain ownership list]]
* [[Related datasets]]
= Visualizations =
{{Project:Adtech/Visualizations|state=collapsed}}
== Observation on OpenWPM ==
= A prototype =
* {{Q|102}}
* [https://twitter.com/CartoCharles/status/1130367901767262209 Think OpenStreetMap, not Google Street View or Tesla]
* [[Addressing_adtech/Guardian|An example request]], generated directly from {{Q|855}}.
== Schema.org suggestion ==
= Ontology =
See [[Project:Ontology/Adtech]]
= Precise questions =
== {{Q|845}}-related questions ==
== {{Q|845}}-related questions ==
* What is the impact of a {{Q|839}} on a {{AllQ|495}}?
* What is the impact of a {{Q|839}} on a {{AllQ|495}}?
*** {{Q|546}} for instance facilitated the selling of an {{Q|496}} by {{Q|840}} of people more "likely to be constipated". This was determined (?) through the use of {{Q|539}}.
*** {{Q|546}} for instance facilitated the selling of an {{Q|496}} by {{Q|840}} of people more "likely to be constipated". This was determined (?) through the use of {{Q|539}}.
=== Tag management ===
=== Tag management ===
== Adtech experiments ==
== Adtech experiments ==
* {{Q|188}} helps get feedback quicker
* {{Q|188}} and subclasses help get feedback quicker
* {{Q|858}} defines a {{Q|94}}
* {{Q|858}} defines a {{Q|94}}
** There are problems with the [https://vendorlist.consensu.org/vendorlist.json "purposes" defined in the consent framework].
** There are problems with the [https://vendorlist.consensu.org/vendorlist.json "purposes" defined in the consent framework].
* Through cookie manipulations you can consent very flexibly. A/B test on the entire IAB, agree to A on odd day, B on even day.
* Through cookie manipulations you can consent very flexibly. A/B test on the entire IAB, agree to A on odd day, B on even day.
== Facebook's Replacement IDs ==
== Consents ==
Consents are interesting data points, that should be within the scope of Access and (it seems) Portability.
== Privacy Shield ==
== Privacy Shield ==
Involves Europeans, but also Americans, whose data goes abroad. Drives a wedge between Facebook Ireland and Facebook Inc, etc.
Involves Europeans, but also Americans, whose data goes abroad. Drives a wedge between Facebook Ireland and Facebook Inc, etc.
== Facebook's Replacement IDs ==
Crucial in the context of WhatsApp/Messenger/Instagram merger.
Facebook implements the entire ecosystem into one product. This is a challenge for them in blurring between pseudonymization and anonymization. They implement all of this into one big association table. See {{Q|860}}, page 46 of 57.
= What next? =
== Question on what is observable in RTB ==
There is a bias in what researchers study. What is it?
== Links to competition ==
== Links to competition ==
Privacy is a dead-end for enforcement. It will always boil down to consent and design, and always be abused in unaccountable ways, in order to get the first users. And then it will expand progressively to everyone (cf. Facebook's experiments to get my consent in order to use facial recognition).
Privacy is a dead-end for enforcement. It will always boil down to consent and design, and always be abused in unaccountable ways, in order to get the first users to adopt new intrusive technologies. And then it will expand progressively to everyone (cf. Facebook's experiments to get my consent in order to use facial recognition).
On the other hand, tracing data flows -- which is possible thanks to data protection law -- helps define exactly the assets that are being shared. It's not just about raw (personal) data, it's also about the consents associated to this data, as well as its identifiability. Once all this is taken into account, we will have a better understanding of the personal data market, and will be better able to assess dominance of some players over that market. This might open the door to a more reasoned antitrust action.
On the other hand, tracing data flows -- which is possible thanks to data protection law -- helps define exactly the assets that are being shared. It's not just about raw (personal) data, it's also about the consents associated to this data, as well as its identifiability. Once all this is taken into account, we will have a better understanding of the personal data market, and will be better able to assess dominance of some players over that market. This might open the door to a more reasoned antitrust action.
== Observations on right of access ==
GDPR Art. 15 (Right of Access)
1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
* the purposes of the processing;
* the categories of personal data concerned;
* the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
* where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
* the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
* the right to lodge a complaint with a supervisory authority;
* where the personal data are not collected from the data subject, any available information as to their source;
* the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
== Schema.org suggestion ==
Someone should suggest to schema.org to add GDPR related terms (like "data controller", "access request email endpoint", etc).
== Observation on OpenWPM ==
OpenWPM has split up into a testbed for mass crawling, and a web extension which is separate (currently used in a second project, for mass reporting to Mozilla).
* [https://twitter.com/CartoCharles/status/1130367901767262209 Think OpenStreetMap, not Google Street View or Tesla]
* --> Build toolkits/diffuse computing?!
== Relevant items ==
== Relevant items ==
* {{Q|559}}
* {{Q|559}}
== Interesting queries ==
== See also ==
* [{{SPARQLEmbed|query=
* [[Project:GetYourData]]