-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Updating taxonomy to publish to new repo * Updating index page * Updating site url * Update text, footer and taxonomy
- Loading branch information
1 parent
7f75ea1
commit 2ccf8d8
Showing
5 changed files
with
130 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| fides_key,parent_key,name,triggered_laws,description | ||
| data_category,,Data Category,, | ||
| system,data_category,System Data,,"System data that does not belong to, or identify an individual." | ||
| system.operations,system,System Operations Data,,Data used for the operations of the system. | ||
| system.authentication,system,System Authentication Data,,Data used to manage access to the system. | ||
| user,data_category,User Data,,User related data. | ||
| user.authorization,user,Authorization,,Scope of permissions and access to a system. | ||
| user.account,user,Account Data,,Account information. | ||
| user.account.settings,user.account,Settings,,Account preferences and settings. | ||
| user.children,user,Children,"CA, CT, CO, VA, UT, OR, TX",Data relating to children | ||
| user.health,user,Health,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health",Health records or individual's personal medical information. | ||
| user.biometrics,user,Biometrics,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health",Returns encoded characteristics provided by a user. | ||
| user.government_id,user,Government ID,CA,State provided identification data. | ||
| user.authorization.biometrics,user.authorization,Authorization Biometrics,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, IL BIPA",Credentials for system authentication based on biometrics. | ||
| user.biometrics.fingerprint,user.biometrics,Biometrics Fingerprint,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, IL BIPA",Fingerprint encoded data about a subject. | ||
| user.biometrics.retinal,user.biometrics,Biometrics Retinal,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, IL BIPA ",Retinal data about a subject. | ||
| user.biometrics.voice,user.biometrics,Biometrics Voice,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, IL BIPA ",Voice encoded data about a subject. | ||
| user.children.children_under_thirteen,user.children,Children Under Thirteen,"CA, CT, CO, VA, UT, OR, TX",Data relating to children under 13. | ||
| user.children.thirteen_to_sixteen,user.children,Child Thriteen-to-Sixteen,CA,Data relating to children between 13-15. | ||
| user.demographic,user,Demographic,,Demographic data. | ||
| user.demographic.sexual_orientation,user.demographic,Sexual Orientation,"CA, CT, CO, VA, UT, OR, TX",Sexual orientation of data subject. | ||
| user.demographic.race_ethnicity,user.demographic,Race or Ethnicity,"CA, CT, CO, VA, UT, OR, TX",Race or ethnicity of data subject. | ||
| user.demographic.citizenship_or_immigration_status,user.demographic,Citzenship or Immigration Status,"CA, CT, CO, VA, UT, OR, TX",Citizen or immigration status of data subject. | ||
| user.demographic.religious_belief,user.demographic,Religious Beliefs,"CA, CT, CO, VA, UT, OR, TX",Religion or religious beliefs of the data subject. | ||
| user.demographic.philosophical_belief,user.demographic,Philosophical Beliefs,CA,Philosophical beliefs of the data subject. | ||
| user.government_id.passport_number,user.government_id,Passport Number,CA,Government issued passport data. | ||
| user.government_id.drivers_license_number,user.government_id,Driver's License Number,CA,State issued driving identification number. | ||
| user.government_id.immigration,user.government_id,Immigration Status ,"CA, CT, CO, VA, UT, OR, TX",State issued immigration or residency data. | ||
| user.government_id.national_identification_number,user.government_id,State Government ID ,CA,State issued personal identification number. | ||
| user.health.treatment,user.health,Health Treatment,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Health-realted treatment for a subject | ||
| user.health.prescriptions,user.health,Prescriptions,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Prescriptions belonging to a subject | ||
| user.health.symptons,user.health,Symptoms,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Medical symptoms associated with a subject | ||
| user.health.medications,user.health,Medications,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Medications taken by a subject | ||
| user.health.reproductive_or_sexual,user.health,Reproductive or Sexual Health,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Reproductive or sexual data belonging to a subject | ||
| user.health.genetic ,user.health,Genetic information,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Data about the genetic makeup provided by the subject. | ||
| user.health.social_psychological_behavioral,user.health,Psychological or Behavioral Condition,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ","Social, psychological, and/or behavioral data belonging to a subject. " | ||
| user.health.medical_diagnosis ,user.health,Medical Diagonosis ,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Medical diagnosis of a subject. | ||
| user.health.condition,user.health,Health Condition,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health, ",Health condition of a subject. | ||
| user.health.record_id,user.health,Health record ,"CA, CT, CO, VA, UT, OR, TX, WA MHMD, NV Health",Medical record identifiers belonging to a subject. | ||
| user.location,user,Location,"CA, CT, VA, UT, OR, TX, WA MHMD, NV Health",Location data. | ||
| user.location.precise,user.location,Precise Location,,Precise location derived from sensors (less than 500M). | ||
| user.financial.bank_account,user.financial,Bank Account Information,,Bank account information belonging to the subject. | ||
| user.behavior,user,Behavior,"WA MHMD, NV Health",Behavioral data about the subject. | ||
| user.contact,user,Contact,,Contact data collected about a user. | ||
| user.device,user,Device,,"Data related to a user's device, configuration and setting." | ||
| user.payment,user,Payment,,Payment data related to user. | ||
| user.social_activity,user,Social Activity,,Social activity and interaction data. | ||
| user.unique_id,user,Unique ID,,Unique identifier for a user assigned through system use. | ||
| user.financial,user,Financial,,Payment data and financial history. | ||
| user.name,user,Name,,User's real name. | ||
| user.criminal_history,user,Criminal History,,Criminal records or information about the data subject. | ||
| user.privacy_preferences,user,Privacy Preferences,,Privacy preferences or settings set by the subject. | ||
| user.job_title,user,Job title,,Professional data. | ||
| user.content,user,Content,,"Content related to, or created by the subject." | ||
| user.account.username,user.account,Username,,Username associated with account. | ||
| user.authorization.credentials,user.authorization,Auth Credentials,,Authentication credentials to a system. | ||
| user.authorization.password,user.authorization,Password,,Password for system authentication. | ||
| user.behavior.browsing_history,user.behavior,Browsing History,,Content browsing history of a user. | ||
| user.behavior.media_consumption,user.behavior,Media Consumption,,Content consumption history of the subject. | ||
| user.behavior.purchase_history,user.behavior,Purchase History,,Purchase history of the subject. | ||
| user.behavior.search_history,user.behavior,Search History,,Search history of the subject. | ||
| user.contact.email,user.contact,Email,,User's contact email address. | ||
| user.contact.phone_number,user.contact,Phone Number,,User's phone number. | ||
| user.contact.social_url,user.contact,Social URL,,Subject's websites or links to social and personal profiles. | ||
| user.contact.fax_number,user.contact,Fax,,Data Subject's fax number. | ||
| user.contact.address,user.contact,Address,,Contact address data collected about a user. | ||
| user.contact.address.mailing_address,user.contact.address,Mailing Address,,Contact address data collected about a user. | ||
| user.contact.address.city,user.contact.address,City,,User's city level address data. | ||
| user.contact.address.country,user.contact.address,Country,,User's country level address data. | ||
| user.contact.address.postal_code,user.contact.address,Postal Code,,User's postal code. | ||
| user.contact.address.state,user.contact.address,State,,User's state level address data. | ||
| user.contact.address.street,user.contact.address,Street,,User's street level address data. | ||
| user.content.private,user.content,Private Content,,"Private content related to, or created by the subject, not publicly available." | ||
| user.content.public,user.content,Public Content,,Publicly shared Content related to or created by the subject. | ||
| user.content.self_image,user.content,Self Image,,Photograph or image in which subject is whole or partially recognized. | ||
| user.demographic.union_membership,user.demographic,Union Membership,,Union membership of data subject | ||
| user.demographic.protected_classifications,user.demographic,Protected Classifications,,Demographic data about a user that are protected classifications. | ||
| user.demographic.age_range,user.demographic,Age Range,,Non specific age or age-range of data subject. | ||
| user.demographic.date_of_birth,user.demographic,Date of Birth,,Date of birth of data subject. | ||
| user.demographic.gender,user.demographic,Gender,,Gender of data subject. | ||
| user.demographic.language,user.demographic,Language,,Spoken or written language of subject. | ||
| user.demographic.marital_status,user.demographic,Marial Status,,Marital status of data subject. | ||
| user.demographic.political_opinion,user.demographic,Political Opinion,,Political opinion or belief of data subject. | ||
| user.demographic.profile,user.demographic,Profile,,Profile or preference information about the data subject. | ||
| user.device.telemetry,user.device,Telemetry,,User identifiable measurement data from system sensors and monitoring. | ||
| user.device.sensor,user.device,Sensor,,Measurement data about a user's environment through system use. | ||
| user.device.cookie,user.device,Cookie,,"Data related to a subject, stored within a cookie." | ||
| user.device.cookie_id,user.device,Cookie ID,,Cookie unique identification number. | ||
| user.device.device_id,user.device,Device ID,,Device unique identification number. | ||
| user.device.ip_address,user.device,Internet Protocol Address ,,Unique identifier related to device connection. | ||
| user.employment,user,Employment Information,,Employment related information. | ||
| user.employment.workplace,user.employment,Workplace,,Organization of employment. | ||
| user.financial.credit_card,user.financial,Credit Card Information ,,Credit card information belonging to the subject. | ||
| user.government_id.birth_certificate,user.government_id,Birth Certificate ,,State issued certificate of birth. | ||
| user.government_id.vehicle_registration,user.government_id,License Plate or Vehicle Number,,State issued license plate or vehicle registration data. | ||
| user.health.maternity_clothing,user.health,Maternity Clothing,,Purchase and/or browsing history of consumer related to maternity clothing | ||
| user.health.baby_formula,user.health,Baby Formula,,Purchase and/or browsing history of consumer related to baby formula | ||
| user.health.insurance_beneficiary_id,user.health,Insurance beneficiary ,,Health insurance beneficiary number of the subject. | ||
| user.location.coarse,user.location,Coarse Location,,Coarse location derived from sensors (more than 500M). | ||
| user.name.first,user.name,First name,,Subject's first name. | ||
| user.name.last,user.name,Last name,,"Subject's last, or family, name." | ||
| user.unique_id.probablistic,user.unique_id,Probablistic ID,,A probabilistic identifier generated from data subject or device characteristics. | ||
| user.unique_id.deterministic,user.unique_id,Deterministic ID,,A deterministic identifier generated from data subject or device characteristics. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,26 @@ | ||
| # Fides Language | ||
| # IAB Tech Lab & Fideslang | ||
|
|
||
| Fideslang (fee-dez-læŋg, from the Latin term "Fidēs" + "language") is a taxomony of privacy and governance related data elements, purposes of data use, and subjects. Fideslang provides an interoperable standard for labeling data and describing data processing activities for governance across global privacy regulations. | ||
| Fideslang ( fee-dez-læŋg, derived from the Latin term "Fidēs" and "language") is a taxonomy developed to standardize the way privacy and governance-related data elements, purposes of data use, and subjects are labeled and described. This taxonomy provides an interoperable standard designed to assist businesses in navigating the complex landscape of global privacy regulations. | ||
|
|
||
| In collaboration with [Ethyca](https://ethyca.com), [IAB Tech Lab](https://iabtechlab.com/) received a donation of Fideslang to accelerate the development of privacy standards within the ad tech industry. Fideslang represents five years of dedicated work aimed at enhancing data privacy practices by creating a universal language that bridges the gap between legal and development teams. This innovation aligns seamlessly with the IAB Tech Lab's Privacy Taxonomy Project, a key initiative of the Privacy Implementation & Accountability Task Force. The project aims to create a standardized privacy taxonomy that enables businesses to effectively manage their data privacy compliance and communicate privacy information more clearly across the industry. | ||
|
|
||
| The Privacy Taxonomy is uniquely tailored to the evolving landscape of data protection. Building on the foundation of Fideslang, the taxonomy aims to set a new standard for how privacy information is conveyed across the digital advertising ecosystem. | ||
| The Privacy Taxonomy is open for public comment until October 5th, 2024. Industry stakeholders are encouraged to review and provide feedback at [[email protected]]([email protected]). | ||
|
|
||
| [](https://creativecommons.org/licenses/by/4.0/) | ||
|
|
||
|
|
||
| ## Taxonomy Explorer | ||
|
|
||
| Fideslang privacy taxonomy is made up of three main classification groups. These groups are used together to describe the data types, purpose of use, and data owners (subjects) of data being processed, for data privacy and governance purposes. Below you can explore the primary components of the taxonomy. | ||
| The IAB Tech Lab Privacy Taxonomy is composed of three main classification groups: Data Elements, Data Uses, and Data Subjects. These groups work together to describe the data types, purposes of use, and data owners (subjects) of data being processed for privacy and governance purposes. Below, you can explore the primary components of the taxonomy. | ||
|
|
||
| To learn more about the taxonomy's structure read the [explanation below](#fideslang-privacy-taxonomy-explained) | ||
|
|
||
| <div id="vis" class="vis vis-container"> | ||
| <div class="controls-container"> | ||
| <div id="data-control" class="control-group"> | ||
| <div class="btn-group"> | ||
| <button class="btn is-selected" data-chart-data="categories">Data Categories</button> | ||
| <button class="btn is-selected" data-chart-data="categories">Data Elements</button> | ||
| <button class="btn" data-chart-data="uses">Data Uses</button> | ||
| <button class="btn" data-chart-data="subjects">Data Subjects</button> | ||
| </div> | ||
|
|
@@ -47,19 +51,20 @@ To learn more about the taxonomy's structure read the [explanation below](#fides | |
|
|
||
| ## Fideslang Privacy Taxonomy Explained | ||
|
|
||
| ### 1. Data Categories | ||
| Data Categories are labels to describe the type of data processed by your busess and technology systems. | ||
| Data Categories are hierarchical with natural inheritance, meaning you can label data coarsely with a high-level category (e.g. `user.contact` data), or you can tag it with greater precision using subcategories (e.g. `user.contact.email` data). | ||
| ### 1. Data Elements | ||
| Data Elements are labels to describe the type of data processed by your business and technology systems. Data Categories are hierarchical with natural inheritance, meaning you can label data coarsely with a high-level category (e.g. user.contact data), or you can tag it with greater precision using subcategories (e.g. user.contact.email data). This provides a standard way to tag data in databases, which can assist with data privacy operations (e.g. data mapping, DSRs, contracts, disclosures, consent/opt-out, etc.). The data element, when clear under the applicable law, aligns with categories specified in US data privacy laws (e.g., CCPA, CPA). | ||
|
|
||
|
|
||
| ### 2. Data Uses | ||
| Data Uses are labels that describe how, or for what purpose(s) you are using data. You may think of these as analagous to Purpose of Processing in such documents as a RoPA (Record of Processing Activities). | ||
| Data Uses are labels that describe how, or for what purpose(s) you are using data. You may think of these as analogous to Purpose of Processing in such documents as a RoPA (Record of Processing Activities). | ||
|
|
||
| Data Uses are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. provide.service.operations) or with more precision using subcategories (e.g. provide.service.operations.support.optimization). | ||
|
|
||
| Data Uses are also hierarchical with natural inheritance, meaning you can easily describe what you're using data for either coarsely (e.g. `provide.service.operations`) or with more precision using subcategories (e.g. `provide.service.operations.support.optimization`). | ||
| The top-level labels create standard buckets to categorize data uses into: (1) necessary, (2) operational, (3) analytics, (4) advertising and marketing, and (5) disclosure. | ||
|
|
||
| ### 3. Data Subjects | ||
|
|
||
| Data Subjects describes the owner or individual that the data being processed describes, examples might be a customer, or an employee. In many systems a generic user label may be sufficient, however the taxonomy is intended to provide greater control through specificity where needed for governnce. | ||
| Data Subjects describes the owner or individual that the data being processed describes, examples might be a customer, or an employee. In many systems a generic user label may be sufficient, however the taxonomy is intended to provide greater control through specificity where needed for governance. | ||
|
|
||
| Examples of this are: | ||
|
|
||
|
|
@@ -68,13 +73,15 @@ Examples of this are: | |
| - `employee` | ||
|
|
||
| ### Laws Triggered | ||
| For data categories and data uses, these are mapped to the major laws they trigger and the sensitivity that a given data category may obtain based on processing under a given framework. | ||
| For data categories and data uses, these are mapped to the major laws they trigger and the sensitivity that a given data category may obtain based on processing under a given framework. | ||
|
|
||
| ### IAB Frameworks | ||
| The Fideslang taxonomy automatically cross-references all data uses to the IAB TCF and IAB MSPA frameworks, meaning that if you tag a data use such as `advertising_marketing.first_party.targeted`, it will automatically inherit the classification of "First Party Advertising" as defined by 1.33ii of the MSPA. | ||
|
|
||
| ### Sensitivity Matrix | ||
| When using the Fideslang taxonomy, you may assign sensitivity on a scale of 1 - 3 to given data categories. With 1 not being sensitive and 3 being sensitive as determined by applicable law. You should complete this sensitivity matrix based on your businesses internal policies and risk management. | ||
| When using the Privacy Taxonomy, you may assign sensitivity on a scale of 1-3 to given data categories. With 1 not being sensitive and 3 being sensitive as determined by applicable law. You should complete this sensitivity matrix based on your businesses internal policies and risk management. | ||
|
|
||
| Sensitivity Matrix scoring: | ||
|
|
||
| - 1 = no; | ||
| - 2 = no; unless combined with another non-sensitive data point that makes the combined data elements sensitive | ||
|
|
@@ -85,8 +92,12 @@ When using the Fideslang taxonomy, you may assign sensitivity on a scale of 1 - | |
|
|
||
| ### Extensibility and Interoperability | ||
|
|
||
| The taxonomy is designed to support common privacy compliance regulations and standards out of the box, these include CCPA, MSPA, etc. | ||
| The Privacy Taxonomy is designed to support common privacy compliance regulations and standards out of the box, these include CCPA, MSPA, etc. | ||
|
|
||
| You can extend the taxonomy to support your system needs. If you do this, we recommend extending from the existing class structures to ensure interoperability inside and outside your organization. | ||
|
|
||
| If you have suggestions for missing classifications or concepts, please submit them for addition. | ||
|
|
||
| Public Comment | ||
| Privacy Taxonomy is open for public comment until October 5th, 2024. Industry stakeholders are encouraged to review and provide feedback to [[email protected]](mailto:[email protected]). | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.