From BC$ MobileTV Wiki
Jump to: navigation, search

Privacy is a measure of the level of secrecy and anonymity .vs. public knowledge of information, whether sensitive or otherwise. Privacy is important for humanity for example, to protect intellectual property via copyright, trademark and patents allows businesses to flourish without the risk of someone stealing information and duplicating the products or services of a company or person. Privacy also allows the advancement and evolution of a species, as it keeps its genetic code and the exact factors which contribute to its adaptation known to only itself.

Personal privacy, especially, is, and should always be, regarded as a right and thus protected.


IAB Data Transparency

IAB/W3C Standardized Identifier


Customer Experience Digital Data Layer

W3C -- Customer Experience Digital Data Layer 1.0:




General Data Protection Regulation (GDPR) harmozines the legal protections for individuals across the 28 member states of the EU (including UK despite Brexit). It covers any information that could identify an individual (userIDs, memberships, interests, transactions, usage histories, etc). It is being called the most important change in data privacy regulation in over 20 years, and offers the rights to:

  1. be informed (about all data collections, storage, duration, etc)
  2. access (view a complete list of all information that has been collected, at any time)
  3. rectify (incorrect or hurtful data)
  4. erasure (aka. "right to be forgotten")
  5. restrict processing (who can analyze or how it can be used)
  6. data portability (move data between services/providers without hinderance)
  7. object (prevent collection in the first place)
  8. automated decision-making/profiling prevention ("opt-out" of any automated use of data at any time)

[3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20]

North America


Digital Charter

[21] [22]





California Consumer Privacy Act (CCPA).




The Platform for Privacy Preferences (P3P) Project is a W3C recommended protocol allowing websites to declare their intended use of information they collect about browsing users, and is designed primarily to give users more control of their personal information while browsing.

The P3P spec defines the following abbreviated policy settings:

  1. NOI - Web Site does not collect identified data.
  2. ADM - Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage (same as tag ADMa).
  3. DEV - Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage (same as tag DEVa).
  4. PSAi - Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users.
  5. NAV - Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.
  6. OUR - Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.
  7. STP - Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.
  8. IND - Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy.
  9. DEM - Data about an individual's characteristics -- such as gender, age, and income.

[25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36]

Do Not Track

Do Not Track (commonly abbreviated DNT) is a security hearer that client web browsers can send to businesses that own specific websites & web services in their requests' headers to "opt-out" of any tracking or data collection of their session or any of their information (whether such is legally deemed personal/private in the region from which they are accessing the website/services, or where that website/service primarily based out of). The header indicates that the business owning the website(s) or web service(s) being accessed should not perform any such data collection, anonymization/harvesting, analysis, storage, etc.

[37] [38] [39] [40] [41] [42] [43]

Data Classification

[44] [45]


Payment Card Industry (PCI).

* Credit Card (number, expiry, CVC)
* Financial Account (Bank account # or balance, Debit Card #, Interac e-Transfer Email, EFT, etc)
* PayPal and/or PaySafe (email, account #, payment method chosen, etc)
* Wallet balance
* Crytocurrency Wallet (public/private keys, type, etc)
* Transaction history
* Asset/Equity holdings (Stocks, Funds, etc)
* Income
* Tax filling information (CRA, IRS, Business #, federal/state/provincial/municipal tax paid, etc)
* Personal Bills (Electricity, CableTV/Internet/Phone/Mobile, etc)

For more info, see PCI


Patient Health Information (PHI).

* Patient Identification Number (Health-linkable IDs/info)
* Biometrics (fingerprint, facial image recognition identifier, iris scan, walking gait/stride, etc)
* Lab Results (Blood work, Urine/Feces/Saliva/Tissue analysis, etc)
* Diseases (Virus & Bacteria exposure, Antibodies confirmed, etc)
* Conditions (whether chronic or temporary)
* Treatments (Surgeries, Vaccinations, etc)
* Medications (Prescriptions, etc)
* Hospitalizations (Hospital & Clinic visits, etc)
* Life Expectancy (personalized/actuarial)
* Health Insurance Claims (provider usage, claim amounts, etc)
* General Health info (Vital Signs, Blood type, height/weight/BMI/BMR, Doctor/Nurse notes, etc)

PHI metadata

* Hospital in Region/Zone
* Home Clinic
* Family Doctor
* Nearest Clinic(s)
* Local Emergency Phone Numbers (Ambulatory, Fire, and Police #s)
* Emergency Contact Info (whom to contact on your behalf in the event of an emergency)
* Accident rates in region
* Sickness rates (by types) in region
* Hospitalization rates in region
* Death rates in region
* Life Expectancy in region
* Endemic/Pandemic outbreaks in region
* Contact Tracing

For more info, see HealthIT


Personally Identifiable Information (PII) differs between jurisdictions but GDPR defines PII as any "physical, physiological, genetic, mental, economic, cultural or social identity of a natural person".

* PCI data
* PHI data
* Full (first/middle/last) name
* Street address (Billing/Home)
* Date of Birth (Age# or precise DOB)
* Telephone Number
* Login credentials (Username/Password)
* Email Address
* Social Security Number
* Passport Number
* Driver’s License Number
* Owned properties (VIN-Vehicle Identification Number, License Plate/Registration #, City/Township Land Plot#, etc)

PII metadata

* Internet Protocol (IP) address
* GeoIP (reverse-geocoded location)
* Geolocation (latitude/longitude)
* Triangulated Location (Satellite GPS / cell towers)
* Cookies~~
* Device Serial Number (including Processor #)~~
* Media Access Control (MAC)~~
* Other Device IDs~~

~~ - these types are not considered PII in many jurisdictions


Personal Information (PI).

* First name only (so long as other names are not present anywhere in co-related datasets)
* Middle name only
* Last name only
* Abbreviated/redacted names (as in "Aaron Smith" being labelled as "A.Sm"; however special care/redaction necessary for very short names)
* Postal Code
* Age range
* Income bracket
* Gender
* Occupation (job title/position, department, team, etc)
* Workplace (company name, work address, work phone number, etc)

PI metadata

* Login time
* Login frequency/history
* Session time
* Session refreshes/history
* Session entry point
* Session exit point
* Pages/Screens visited
* Features interacted with (clickpaths, heatmaps, etc)
* Referer
* Social Media accounts
* Crashes/Bugs encountered
* Browser (User Agent)
* Operating System (Device OS)


Non-Personal Information (NPI) must not be tied back directly to an account or other PI/PII; the act of tying the below information together typically moves it into PI or PII and beyond categories.

* Anonymized identifiers
* Segment/Group Membership
* Cookies~~
* Device Serial Number (including Processor #)~~
* Media Access Control (MAC)~~
* Other Device IDs~~

NPI metadata

* Software used
* Hardware used
* Search Terms used
* Categories selected/filtered upon
* Feature requests
* Bug/Crash reports
* Support Calls

~~ - these types are considered PII in certain jurisdictions


P3P Writer

"Do Not Call" Registry


Unhosted is a project which promises freedom from web 2.0's monopoly platforms Unhosted is a project for strengthening free software against hosted software. With our protocol, a website is only source code. Dynamic data is encrypted and decentralised, to per-user storage nodes. This benefits free software, as well as scalability, robustness, and online privacy.

OECD Privacy Statement Generator



External Links


  1. IAB Tech Lab Presents Solution To Universal ID Privacy Tracking:
  2. GDPR Handbook hard copy (with extra chapter):
  3. Information Commissioner’s Office (ICO) for GDPR:
  4. GDPR overview:
  5. Five Final Checks To Ensure GDPR Compliance:
  6. Personal Data Breach reporting:
  7. Understanding Data Privacy and the GDPR:
  8. Data Partners and the GDPR:
  9. Seven GDPR complaints filed against Google over user location tracking:
  10. The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know:
  11. Complete guide to GDPR compliance:
  12. GDPR one year on - IAB offers new privacy guidelines for advertisers:
  13. EU GDPR terms to know:
  14. Data Breaches A Global Problem Under GDPR (STUDY): (good stats on reasons for breaches)
  15. COMMENTARY Marketers Can Relax -- IT Teams Are Behind Most Privacy Fines:
  16. Why Not Comply? Most Firms Lag In GDPR Data Access, Study Shows:
  17. Talend Report Showcases Low GDPR Compliance Rates for Data Subject Access Requests:
  18. Five Reasons Why Organizations Fail in Their GDPR and CCPA Compliance:
  19. From California to Brazil -- Europe’s privacy laws have created a recipe for the world:
  20. The GDPR Is Full Of Holes, Canadian Report Says:
  21. New ‘digital charter’ to emphasize Canadians’ control over personal data | The Star:
  22. Trudeau takes aim at big tech, announces ‘Digital Charter’:
  23. The "Clarifying Lawful Overseas Use of Data" (CLOUD) Act and What It Means for You, or More Importantly, Me!:
  24. Privacy in Internet Explorer 6:
  25. Make Your Web Site P3P Compliant:
  26. Creating a P3P Compliant Privacy Policy:
  27. PrivacyBot: (quick and fast generation of privacy policies and practices using proprietary technology and systems)
  28. IBM's P3P Editor tool:
  29. Set P3P code in HTML:
  30. P3P and PHP session problem with iframes in Internet Explorer 9:
  31. facebook getUser() in fan page tab iframe shows internal server error only on IE:
  32. P3P Policy Usage Statistics:
  33. P3P is no longer supported (in Windows 10 + IE11/Edge):
  34. P3P P3P is dead, long live P3P!:
  35. What does header('P3P: CP=“CAO PSA OUR”'); do?:
  36. Deprecate P3P:
  37. 'Do Not Track,' the Privacy Tool Used by Millions of People, Doesn't Do Anything:
  38. Companies that have implemented Do Not Track:
  39. FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers:
  40. Medium’s Do Not Track Policy:
  41. Key to Opting Out of Personalized Ads, Hidden in Plain View:
  43. The Do-Not-Track Act of 2019:
  44. What is PII, non-PII, and personal data?:
  45. What Constitutes Personally Identifiable Information or PII?:
  46. FTC:
  47. wikipedia: Data Privacy Day
  48. How To Remove Yourself from People Search Websites:
  49. Merit badges for online privacy? Mozilla soon might give you one:
  50. Facebook Introduces Data Transfer Tool For Photos With Strict Privacy Standards:
  51. Guideline for Employees of the Government of Canada: Information Management (IM) Basics:
  52. Google COVID-19 Community Mobility Reports:
  53. We're watching you: COVID-19 surveillance raises privacy fears:
  54. COVID-19, surveillance and the threat to your rights:
  55. Tracking the Global Response to COVID-19:

See Also

Security | Trust | Surveillance | BT | LBS | VPN | BigData | E-Payments | Cryptocurrency | Analytics