Metadata Application for Personal Data Transparency


Release: 1.0
Date: February/2020
Author: Thiago Adriano Coleti (thiagocoleti@usp.br) (Curriculum)
Supervisors: Dr. Pedro Luiz Pizzigatti Correa (pedro.correa@usp.br) (Curriculum) and Dr. Marcelo Morandini (m.morandini@usp.br) (Curriculum)
Development process: TR-Model release 1.0 was developed as a component of Thiago's PhD research in Electrical Engineering (concentration area: Computer Engineering) at the Polytechnic School of the University of Sao Paulo, Sao Paulo, SP, Brazil.


TR-Model Domain Model


TR-Model Metadata and Metaevents


TR-Model Metadata and Metaevents Description

Actors Entity
Name | Type of presentation | Transparency Information Description
Actor's Name | Text | An identifiable name.
Type | Text or Images | Specifies the single role the actor plays with respect to the Personal Data. It takes one of the following values: (1) Controller; (2) Protection Office; or (3) Recipient.
Address | Text | List of the following items: (1) Street Name; (2) Number; (3) City; (4) State/Province; (5) Postal Code; and (6) Country.
Phone | Text | Phone Country Code + Phone Number.
Email | Text | Internet mailbox associated with exactly one actor.
Protection Office | Text | An instance of the Actor entity whose metadata Type is set to "Protection Office". This field may not be filled if the actor itself is a "Protection Office".
Procurator | Instance of Actors Entity | Presents the name of the person that answers for the control management. This field is mandatory for Controllers and Recipients.
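The Actors Entity rules above (allowed Type values, complete address, Protection Office forbidden on a Protection Office, Procurator mandatory for Controllers and Recipients) are easy to encode as a record check. The following is an added example and not code from the TR-Model project; the field names, the phone and e-mail regular expressions, and the sample actors are assumptions made for illustration.

```python
"""Added example (not part of the TR-Model page): validating one Actor record
against the rules in the Actors Entity table. The field names, the regular
expressions and the sample actors below are assumptions made for this example."""
import re
from dataclasses import dataclass
from typing import Optional

ACTOR_TYPES = {"Controller", "Protection Office", "Recipient"}
ADDRESS_ITEMS = ("street_name", "number", "city", "state_province", "postal_code", "country")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # one mailbox, nothing more
PHONE_RE = re.compile(r"^\+\d{1,3}\s?\d{4,14}$")       # country code + number


@dataclass
class Actor:
    name: str
    type: str                        # Controller | Protection Office | Recipient
    address: dict                    # keyed by ADDRESS_ITEMS
    phone: str
    email: str
    protection_office: Optional["Actor"] = None   # Actor whose Type is Protection Office
    procurator: Optional["Actor"] = None          # person answering for control management


def validate_actor(actor: Actor) -> list:
    """Return the TR-Model rule violations for one Actor; an empty list means valid."""
    errors = []
    if not actor.name.strip():
        errors.append("Actor's Name: an identifiable, non-empty name is required")
    if actor.type not in ACTOR_TYPES:
        errors.append(f"Type: must be one of {sorted(ACTOR_TYPES)}, got {actor.type!r}")
    missing = [item for item in ADDRESS_ITEMS if not actor.address.get(item)]
    if missing:
        errors.append("Address: missing " + ", ".join(missing))
    if not PHONE_RE.match(actor.phone):
        errors.append("Phone: expected country code + number, e.g. +55 1133334444")
    if not EMAIL_RE.match(actor.email):
        errors.append("Email: expected a single Internet mailbox address")
    # The field is forbidden on a Protection Office itself; when present on any
    # other actor it must reference an Actor whose Type is Protection Office.
    if actor.type == "Protection Office" and actor.protection_office is not None:
        errors.append("Protection Office: must be empty when the actor is a Protection Office")
    if actor.protection_office is not None and actor.protection_office.type != "Protection Office":
        errors.append("Protection Office: referenced actor must have Type Protection Office")
    if actor.type in ("Controller", "Recipient") and actor.procurator is None:
        errors.append("Procurator: mandatory for Controllers and Recipients")
    return errors


# Constructed sample data (placeholder organisation, not a real entity).
SAMPLE_ADDRESS = {"street_name": "Example Street", "number": "100", "city": "Sao Paulo",
                  "state_province": "SP", "postal_code": "00000-000", "country": "Brazil"}
EXAMPLE_DPO = Actor("Example Data Protection Office", "Protection Office", SAMPLE_ADDRESS,
                    "+55 1133334444", "dpo@example.org")


def example_controller(with_procurator: bool) -> Actor:
    """A Controller referencing EXAMPLE_DPO, with or without its mandatory Procurator.
    The page does not say which Type a procurator's own Actor record carries; here
    it is assumed to be Controller."""
    procurator = None
    if with_procurator:
        procurator = Actor("Jane Example", "Controller", SAMPLE_ADDRESS,
                           "+55 1133335555", "jane@example.org", protection_office=EXAMPLE_DPO)
    return Actor("Example Controller Ltd.", "Controller", SAMPLE_ADDRESS,
                 "+55 1133336666", "privacy@example.org",
                 protection_office=EXAMPLE_DPO, procurator=procurator)


if __name__ == "__main__":
    for candidate in (EXAMPLE_DPO, example_controller(False), example_controller(True)):
        print(candidate.name, "->", validate_actor(candidate) or "valid")
```

The check returns every violation rather than stopping at the first one, so a transparency tool can show the data subject (or the controller filling in the record) the complete list of missing items at once.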

Personal Data Entity
Name | Type of presentation | Transparency Information Description
Metadata
Description | Text | Identifiable and short description given to the Personal Data. Examples: (1) Location; (2) Credit Card purchase value; or (3) Performance of a physical activity.
Granularity | Text or Infographic | A combination of items separated by "+", presented with the sentence "Personal Data {Personal Data Name} is composed by: {granularity/combination of items}". Example: Personal Data Location is composed by: Latitude + Longitude + Date + Time.
Resource | Text, Infographic or Video | If the Personal Data is collected directly from the data subject by the controller that will use it, the system may present a minimal set of sentences describing the resources used to create the data items. If the resource is unfamiliar to most people, the system should supplement the information with a brief description of the resource. Example: The latitude and longitude data are registered by the smartphone's GPS system. GPS is an internal hardware resource that cannot be seen by users (it is only accessed via software).
Mandatory Collection | Text | It must state whether the data collection is mandatory for the related purpose of use. If the value is YES, this information must be followed by a justification sentence. If the value is NO, the software can provide a text describing the consequences of not collecting the data.
Metaevents
Permission of use | Image or Video | This event must record the moment or the action in which the data owner granted the use of his/her data. To present it to data subjects, the system must use a set of images showing the interface used to give the consent, in order to remind/explain to the user the moment when he/she allowed (or will allow) the use of his/her Personal Data. The images can be followed by a text such as: "View when/how you consented to the use of your data" or "View when/how you will allow the use of your data".
Utilization | Text, Infographic, Video or Animation | This metaevent may provide Transparency about how the data will be used and what information about the data subject can be produced through processing (or what questions about the data subject will be answered). The description must use language in which the complexity of the data use is abstracted for the data subject. The description should follow the structure: "The Personal Data will be used as follows {describe form of use} and the produced information or answered questions are: {list of information produced or questions answered about the person}". When the Personal Data has several different uses, the system should repeat the specification for each use.

Purpose of Use Entity
Name | Type of presentation | Transparency Information Description
Metadata
Purpose description | Text | Must describe the purpose-of-use's name and the legitimate interests pursued by the controller or by a third party. To do this, a single sentence specifies the purpose (or purposes) of use as follows: "The purpose of use for your Personal Data is {purpose description}". Examples: The purpose of use for your Personal Data is to know your top destinations and common routes during the week to offer the best routes. or The purpose of use of your Personal Data is to know your preferences.
Legal Basis | Text or Infographic | Presents the regulation that guarantees the use of the Personal Data for the specific purpose. Information about the law/regulation must be as detailed as possible (Article, Paragraph, Topic, Recital, etc.) to help the data subject locate and confirm its content. Example: The use of your Personal Data to know your top destinations during the week to offer the best routes is according to the General Data Protection Regulation (GDPR), Article number 89 item A, available at https://gdpr-info.eu/art-89-gdpr/
Personal Data | Instance of Personal Data Entity | This metadata must present a sample of the Personal Data entity/metadata/metaevents for each Personal Data used. Transparency metadata specifications must follow the Personal Data Metadata/Metaevent specification.
Controller | Instance of Actor Entity | This metadata must present a sample of the Actor entity/metadata whose metadata Type has the value Controller. Transparency metadata specifications must follow the Actor entity metadata specifications.
Computer-based Decision | Text | It must highlight whether any kind of decision is made based only on algorithms/computer results, without human supervision. The event must also provide a justification sentence if the computer-based decision value is YES.
Metaevents
Start of purpose execution | Text, images or infographic | This event must present information about the moment or trigger at which the data usage starts. A moment refers to a specific date, time or period, for example: Start of use purpose execution: 01/01/2020 at 00:00. An action is a system or user interaction, for example: Start of use purpose execution: The agreement with the Privacy and Security Policy.
End of purpose execution | Text, images or infographic | This event must present information about the moment or trigger at which the data usage ends. A moment refers to a specific date, time or period, for example: End of use purpose execution: 31/01/2020 at 00:00. An action is a system or user interaction, for example: End of use purpose execution: When you uninstall the app.
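The Personal Data and Purpose of Use entities above are mostly sentence templates ("Personal Data {name} is composed by: …", "The purpose of use for your Personal Data is …", start/end as either a moment or an action) plus a few conditional rules (a justification when Mandatory Collection or Computer-based Decision is YES, a Controller whose Type is Controller). The following added example, which is not code from the TR-Model project, renders those sentences and checks those rules; the dataclass fields, the date format and the sample "Location" record are assumptions made for illustration, with the sample values taken from the examples in the tables.

```python
"""Added example (not part of the TR-Model page): rendering and checking the
Personal Data and Purpose of Use entities. Field names, the date/time format
and the sample record are assumptions made for this example."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Union


@dataclass
class PersonalData:
    name: str                  # Description metadata, e.g. "Location"
    items: list                # Granularity items, e.g. ["Latitude", "Longitude", "Date", "Time"]
    mandatory: bool            # Mandatory Collection metadata
    justification: str = ""    # required when mandatory is True
    consequences: str = ""     # optional text when mandatory is False
    usage: str = ""            # Utilization metaevent: form of use
    produced: list = field(default_factory=list)   # information produced / questions answered


@dataclass
class PurposeOfUse:
    description: str
    legal_basis: str           # law/regulation, article, item, link
    controller_type: str       # Type metadata of the Controller actor instance
    personal_data: list        # PersonalData instances used by this purpose
    computer_based_decision: bool
    decision_justification: str = ""
    start: Union[datetime, str] = ""   # a moment (datetime) or an action (text)
    end: Union[datetime, str] = ""


def granularity_sentence(pd: PersonalData) -> str:
    return f"Personal Data {pd.name} is composed by: " + " + ".join(pd.items)


def utilization_sentence(pd: PersonalData) -> str:
    return (f"The Personal Data will be used as follows {pd.usage} and the produced "
            f"information or answered questions are: " + "; ".join(pd.produced))


def purpose_sentence(p: PurposeOfUse) -> str:
    return f"The purpose of use for your Personal Data is {p.description}"


def trigger_sentence(label: str, trigger: Union[datetime, str]) -> str:
    """Start/End of purpose execution: a moment is rendered as date and time, an action verbatim."""
    if isinstance(trigger, datetime):
        return f"{label} of use purpose execution: {trigger.strftime('%d/%m/%Y at %H:%M')}"
    return f"{label} of use purpose execution: {trigger}"


def validate_purpose(p: PurposeOfUse) -> list:
    """Return the rule violations for one Purpose of Use record; empty list means valid."""
    errors = []
    if not p.description.strip():
        errors.append("Purpose description: required")
    if not p.legal_basis.strip():
        errors.append("Legal Basis: must cite the regulation (article, paragraph, item)")
    if p.controller_type != "Controller":
        errors.append("Controller: must be an Actor whose Type is Controller")
    if not p.personal_data:
        errors.append("Personal Data: at least one instance must be presented")
    for pd in p.personal_data:
        if not pd.items:
            errors.append(f"{pd.name}: Granularity must list at least one item")
        if pd.mandatory and not pd.justification.strip():
            errors.append(f"{pd.name}: Mandatory Collection is YES, a justification is required")
    if p.computer_based_decision and not p.decision_justification.strip():
        errors.append("Computer-based Decision: value is YES, a justification is required")
    if not p.start:
        errors.append("Start of purpose execution: a moment or an action is required")
    if not p.end:
        errors.append("End of purpose execution: a moment or an action is required")
    return errors


def example_purpose() -> PurposeOfUse:
    """Constructed sample record built from the examples in the TR-Model tables."""
    location = PersonalData(
        name="Location",
        items=["Latitude", "Longitude", "Date", "Time"],
        mandatory=True,
        justification="Routes cannot be suggested without your current position",
        usage="to detect your top destinations and common routes during the week",
        produced=["your top destinations", "your common routes"],
    )
    return PurposeOfUse(
        description="to know your top destinations and common routes during the week to offer the best routes",
        legal_basis="General Data Protection Regulation (GDPR), Article number 89 item A, https://gdpr-info.eu/art-89-gdpr/",
        controller_type="Controller",
        personal_data=[location],
        computer_based_decision=True,
        decision_justification="Route suggestions are computed automatically from the collected positions",
        start=datetime(2020, 1, 1, 0, 0),
        end="When you uninstall the app",
    )


if __name__ == "__main__":
    p = example_purpose()
    print(purpose_sentence(p))
    print(granularity_sentence(p.personal_data[0]))
    print(trigger_sentence("Start", p.start), "/", trigger_sentence("End", p.end))
    print(validate_purpose(p) or "valid")
```

Keeping the trigger as either a datetime or a free-text action mirrors the table's "moment or trigger" wording, so the same renderer serves a dated period and an event such as agreeing to the privacy policy.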

Transfer/Sharing/Disclose Entity
Name | Type of presentation | Transparency Information Description
Metadata
Title | Text | Short text to be used as a title for the Transfer, Share or Disclosure action. For example: Improving your health.
Type | Text, Icons or Images | Specifies which type of transfer is done, following the list: (1) Transfer: Personal Data are transferred to third parties. The third-party controller may use the data for different purposes, even if they are unrelated to the purpose of use presented by the controller who collected the data; (2) Sharing: Personal Data are transferred to a recipient who will work with the controller to improve, supplement, supply or otherwise meet a need related to the purpose of use presented by the controller who collected the data; or (3) Disclose: The controller makes the Personal Data open for public access.
Justification | Text | Sentence that describes the reason supporting the Personal Data transfer. The sentence may follow the structure: "The Personal Data {name of Personal Data} is/are {transferred/shared/disclosed} due to the reason {transfer reason}". Example: The Personal Data Location is disclosed to the police and other authorities (if required) to support any kind of investigation. The sentence can reference all data at once as long as the action applies to all of them. For example: The transfer of the Personal Data cited here is due to computing resource sharing.
Legal basis | Text or Infographic | A sentence reaffirming the name of the Personal Data and its objective, followed by information on the law/regulation that guarantees that the Transfer, Share or Disclosure of the Personal Data is legal. Law/regulation information desired: (1) Name of the law/regulation; (2) Number of the article or section; and (3) Name/number of the specific item. Example: The Disclosure of the Personal Data Location is according to the General Data Protection Regulation (GDPR), Article number 48. https://gdpr-info.eu/art-48-gdpr/
Recipient | Instance of Actor Entity | This metadata must present a sample of the Actor entity/metadata whose metadata Type has the value Recipient. Transparency metadata specifications must follow the Actor entity metadata specifications.
Recipient regulation | Text or Infographic | This metadata should present information about how the Personal Data will be protected at the data recipient. A combination of two pieces of information may be displayed: (1) Recipient Personal Data law/regulation: states which law/regulation the recipient answers to; (2) Data Protection Office at Recipient: an instance of the Actor entity with the metadata Type set to Protection Office.
Personal Data | Instance of Personal Data Entity | It must provide a sample Personal Data entity metadata for each Personal Data used. Transparency guidelines should follow the Personal Data entity metadata descriptions.
Metaevents
Permission | Images | This event must record the moment or the action in which the Data Subject authorized the transfer of his/her Personal Data. In order to deliver the information to the Data Subject, the system must use a set of images showing the interface in which he/she gave the consent, in order to remind/explain to the data subject the moment when he/she allowed (or will allow) the transfer of his/her Personal Data. The images can be followed by a text such as: "View when/how you consented to the transfer of your data" or "View when/how you will allow the sharing of your data". Images may also highlight the texts and interface components read and accessed by the Data Subject.
Occurrence | Text, Images or Infographic | This metaevent should provide information about how the Personal Data are transferred/shared/disclosed. Personal Data can be transferred, shared or disclosed over a period of time or based on some trigger. Recommended structure: "Personal Data {data description} will be {transferred/shared/disclosed} {data dissemination strategy}". For example: Personal Data will be transferred every time you use the app. or A copy of the Personal Data will be shared every thirty minutes.
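The Transfer/Sharing/Disclose entity distinguishes three dissemination types with different risk for the data subject (a third party with its own purposes, a recipient bound to the original purpose, or public access), and ties each record to a Recipient actor, a legal basis, the recipient's own protection regime and an Occurrence strategy. The following added example, not code from the TR-Model project, renders the Justification and Occurrence sentences in the recommended structure and checks the record's completeness; the field names, the verb table and the sample disclosure record (built from the table's own Location example) are assumptions made for illustration.

```python
"""Added example (not part of the TR-Model page): rendering and checking one
Transfer/Sharing/Disclose record. Field names, the verb table and the sample
record are assumptions made for this example."""
from dataclasses import dataclass, field
from typing import Optional

# The three dissemination types named in the Type metadata and the verb each
# takes in the Justification / Occurrence sentence structures.
TRANSFER_VERBS = {"Transfer": "transferred", "Sharing": "shared", "Disclose": "disclosed"}


@dataclass
class Recipient:
    """Minimal stand-in for an Actor instance; its Type must be Recipient."""
    name: str
    type: str
    protection_office: Optional[str] = None   # name of its Data Protection Office actor


@dataclass
class TransferRecord:
    title: str
    type: str                    # Transfer | Sharing | Disclose
    personal_data: list          # names of the Personal Data instances involved
    reason: str                  # Justification metadata: the transfer reason
    legal_basis: str             # law/regulation name, article/section, item
    recipient: Recipient
    recipient_regulation: str = ""   # law/regulation the recipient answers to
    dissemination: str = ""          # Occurrence metaevent: period or trigger
    permission_images: list = field(default_factory=list)   # Permission metaevent


def _verb(r: TransferRecord) -> str:
    return TRANSFER_VERBS.get(r.type, r.type.lower())


def justification_sentence(r: TransferRecord) -> str:
    names = ", ".join(r.personal_data)
    plural = "are" if len(r.personal_data) > 1 else "is"
    return f"The Personal Data {names} {plural} {_verb(r)} due to the reason {r.reason}"


def occurrence_sentence(r: TransferRecord) -> str:
    return f"Personal Data {', '.join(r.personal_data)} will be {_verb(r)} {r.dissemination}"


def validate_transfer(r: TransferRecord) -> list:
    """Return the rule violations for one record; an empty list means valid."""
    errors = []
    if not r.title.strip():
        errors.append("Title: a short title for the action is required")
    if r.type not in TRANSFER_VERBS:
        errors.append(f"Type: must be one of {sorted(TRANSFER_VERBS)}, got {r.type!r}")
    if not r.personal_data:
        errors.append("Personal Data: at least one instance must be presented")
    if not r.reason.strip():
        errors.append("Justification: a transfer reason is required")
    if not r.legal_basis.strip():
        errors.append("Legal basis: name of law/regulation, article/section and item are required")
    if r.recipient.type != "Recipient":
        errors.append("Recipient: must be an Actor whose Type is Recipient")
    # The table says the recipient's protection regime *should* be shown; this
    # example treats the absence of both pieces of information as a violation.
    if not r.recipient_regulation.strip() and not r.recipient.protection_office:
        errors.append("Recipient regulation: state the recipient's law/regulation or its Protection Office")
    if not r.dissemination.strip():
        errors.append("Occurrence: a period or trigger for the dissemination is required")
    if not r.permission_images:
        errors.append("Permission: images of the consent interface are required")
    return errors


def example_disclosure() -> TransferRecord:
    """Constructed sample record following the Location example in the table."""
    return TransferRecord(
        title="Supporting investigations",
        type="Disclose",
        personal_data=["Location"],
        reason="to support any kind of investigation by the police and other authorities",
        legal_basis="General Data Protection Regulation (GDPR), Article number 48, https://gdpr-info.eu/art-48-gdpr/",
        recipient=Recipient("Police and other authorities", "Recipient"),
        recipient_regulation="General Data Protection Regulation (GDPR)",
        dissemination="only when required by an authority",
        permission_images=["consent-screen-1.png"],   # placeholder file name
    )


if __name__ == "__main__":
    rec = example_disclosure()
    print(justification_sentence(rec))
    print(occurrence_sentence(rec))
    print(validate_transfer(rec) or "valid")
```

Because the Type value drives both the rendered verb and the validation, an unknown type such as a sale of data is rejected rather than silently rendered, which keeps the notice shown to the data subject within the three dissemination categories the model defines.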

Agency Entity
Name | Type of presentation | Transparency Information Description
Metadata
Title | Text | Simple sentence describing the agency's name. For example: (1) Request a copy of Personal Data; or (2) Report incorrect use of your data.
Description | Text | This metadata should provide information about the tasks the Data Subject may perform in order to ensure their rights. The application can display a list of events, a set of images or an email address. It is not the obligation of the Transparency tool to provide the resource to the data subject, but to guide him/her to the interface or path provided by the Controller or the Protection Office website.
Recipient | Instance of Actor Entity | This metadata must present a sample of the Actor entity/metadata whose metadata Type has the value Recipient. Transparency metadata specifications must follow the Actor entity metadata specifications.