Privacy Considerations


Privacy Considerations are Best Practices for Privacy.

Privacy Considerations, as used on this page, refers to "Privacy Considerations for Internet Protocols", RFC 6973.

Privacy is a complicated concept with a rich history that spans many disciplines. With regard to data, often it is a concept applied to "personal data", commonly defined as information relating to an identified or identifiable individual.

Many sets of privacy principles and Privacy design frameworks have been developed in different forums over the years. These include the Fair Information Practices (FIPs), a baseline set of privacy protections pertaining to the collection and use of personal data (often based on the principles established in OECD, for example), and the Privacy by Design concept, which provides high-level privacy guidance for systems design (see PbD for one example). The guidance provided in this document is inspired by this prior work, but it aims to be more concrete, pointing protocol designers to specific engineering choices that can impact the privacy of the individuals that make use of Internet Protocols.

Different people have radically different conceptions of what privacy means, both in general and as it relates to them personally Westin.

Furthermore, privacy as a legal concept is understood differently in different jurisdictions. The guidance provided in this document is generic and can be used to inform the design of any protocol to be used anywhere in the world, without reference to specific legal frameworks.

Whether any individual document warrants a specific Privacy Considerations section will depend on the document's content.

Documents whose entire focus is privacy may not merit a separate section (for example, "Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks" RFC 3325). For certain specifications, privacy considerations are a subset of security considerations and can be discussed explicitly in the Security Considerations section. Some documents will not require discussion of privacy considerations (for example, "Definition of the Opus Audio Codec" RFC 6716). The guidance provided here can and should be used to assess the privacy considerations of protocol, architectural, and operational specifications and to decide whether those considerations are to be documented in a stand-alone section, within the security considerations section, or throughout the document. The guidance provided here is meant to help the thought process of privacy analysis; it does not provide specific directions for how to write a privacy considerations section.

Privacy Considerations SHOULD elaborate the privacy implications of not implementing a MUST or SHOULD, or of doing something the specification says MUST NOT or SHOULD NOT be done.

These terms are frequently used to specify behavior with privacy implications. The effects on privacy of not implementing a MUST or SHOULD, or of doing something the specification says MUST NOT or SHOULD NOT be done, may be very subtle. Document authors should take the time to elaborate the privacy implications of not following recommendations or requirements, as most implementors will not have had the benefit of the experience and discussion that produced the specification.

RFC 6973 Section 3.1 Entities#

RFC 6973 Section 3.2 Data and Analysis#

RFC 6973 Section 3.3 Identifiability#

  • Anonymity: The state of being anonymous.
  • Anonymity Set: A set of individuals that have the same attributes, making them indistinguishable from each other from the perspective of a particular attacker or observer.
  • Anonymous: A state of an individual in which an observer or attacker cannot identify the individual within a set of other individuals (the Anonymity Set).
  • Attribute: A property of an individual.
  • Identifiability: The extent to which an individual is identifiable.
  • Identifiable: A property in which an individual's identity is capable of being known to an observer or attacker.
  • Identification: The linking of information to a particular individual to infer an individual's identity or to allow the inference of an individual's identity in some context.
  • Identified: A state in which an individual's identity is known.
  • Identifier: A data object uniquely referring to a specific identity of a protocol entity or individual in some context. See RFC 4949. Identifiers can be based upon natural names (official names, personal names, and/or nicknames) or can be artificial (for example, x9z32vb). However, identifiers are by definition unique within their context of use, while natural names are often not unique.
  • Identity: Any subset of an individual's attributes, including names, that identifies the individual within a given context. Individuals usually have multiple identities for use in different contexts.
  • Identity Confidentiality: A property of an individual where only the recipient can sufficiently identify the individual within a set of other individuals. This can be a desirable property of authentication protocols.
  • Identity Provider: An entity (usually an organization) that is responsible for establishing, maintaining, securing, and vouching for the identities associated with individuals.
  • Official Name: A personal name for an individual that is registered in some official context (for example, the name on an individual's birth certificate). Official names are often not unique.
  • Personal Name: A natural name for an individual. Personal names are often not unique and often comprise given names in combination with a family name. An individual may have multiple personal names at any time and over a lifetime, including official names. From a technological perspective, it cannot always be determined whether a given reference to an individual is, or is based upon, the individual's personal name(s) (see Pseudonym).
  • Pseudonym: A name assumed by an individual in some context, unrelated to the individual's personal names known by others in that context, with an intent of not revealing the individual's identities associated with his or her other names. Pseudonyms are often not unique.
  • Pseudonymity: The state of being pseudonymous.
  • Pseudonymous: A property of an individual in which the individual is identified by a pseudonym.
  • Real Name: See Personal Name and Official Name.
  • Relying Party: An entity that relies on assertions of individuals' identities from an Identity Provider (IDP) in order to provide services to individuals. In effect, the relying party delegates aspects of identity management to the Identity Provider (IDP). Such delegation requires protocol exchanges, trust, and a common understanding of the semantics of information exchanged between the Relying Party and the Identity Provider (IDP).
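The Anonymity Set, Identified and Identifier definitions above are easiest to see on data. The following is an added example (not text or code from RFC 6973 or from this wiki) that groups a constructed set of protocol participants by the attributes a given observer can see: individuals sharing the same observed attribute values form one anonymity set, a set of size 1 means the individual is identified with respect to that observer, and observing an artificial identifier (unique within its context by definition) collapses every set to size 1. The participants, their pseudonyms, and the attribute names (asn, ua, lang, device_id) are all hypothetical; the AS numbers are from the range reserved for documentation.

```python
"""Anonymity sets from the perspective of an observer (added example)."""
from collections import defaultdict

# Constructed sample: six participants in some protocol, each known to the
# service by an artificial pseudonym. The other attributes are what various
# observers (an on-path network, a log analyst, ...) might be able to see.
# All values are hypothetical; AS64496-AS64511 are reserved for documentation.
PARTICIPANTS = [
    {"pseudonym": "x9z32vb", "asn": "AS64500", "ua": "Firefox", "lang": "en", "device_id": "D1"},
    {"pseudonym": "q7m21rd", "asn": "AS64500", "ua": "Firefox", "lang": "en", "device_id": "D2"},
    {"pseudonym": "t3h90ls", "asn": "AS64500", "ua": "Firefox", "lang": "en", "device_id": "D3"},
    {"pseudonym": "b8c44nw", "asn": "AS64496", "ua": "Chrome", "lang": "de", "device_id": "D4"},
    {"pseudonym": "y2v67kp", "asn": "AS64496", "ua": "Chrome", "lang": "de", "device_id": "D5"},
    {"pseudonym": "m5d13fz", "asn": "AS64496", "ua": "Chrome", "lang": "fr", "device_id": "D6"},
]


def anonymity_sets(records, observed_attrs):
    """Partition records by the tuple of attribute values the observer sees.

    Returns a dict mapping each observed value tuple to the sorted list of
    pseudonyms that are indistinguishable from each other given only those
    attributes, i.e. one anonymity set per key.
    """
    groups = defaultdict(list)
    for rec in records:
        key = tuple(rec[attr] for attr in observed_attrs)
        groups[key].append(rec["pseudonym"])
    return {key: sorted(members) for key, members in groups.items()}


def anonymity_set_size(records, observed_attrs, pseudonym):
    """Size of the anonymity set containing `pseudonym` for this observer."""
    for members in anonymity_sets(records, observed_attrs).values():
        if pseudonym in members:
            return len(members)
    raise KeyError(pseudonym)


def min_anonymity(records, observed_attrs):
    """The smallest anonymity set: the weakest guarantee any individual gets."""
    return min(len(members) for members in anonymity_sets(records, observed_attrs).values())


def identified(records, observed_attrs):
    """Pseudonyms whose anonymity set has shrunk to one: the observer has
    identified them (within this context) from the observed attributes alone."""
    return sorted(
        members[0]
        for members in anonymity_sets(records, observed_attrs).values()
        if len(members) == 1
    )


def main():
    # Each tuple is what a different observer can see of the same protocol run.
    for observed in (("asn",), ("asn", "lang"), ("asn", "ua", "lang"), ("device_id",)):
        print(f"observer sees {observed}:")
        print(f"  min anonymity set size = {min_anonymity(PARTICIPANTS, observed)}")
        print(f"  identified = {identified(PARTICIPANTS, observed) or 'none'}")


if __name__ == "__main__":
    main()
```

Seeing only the origin AS, every participant hides among two others; adding the language attribute singles out the one French-speaking participant in AS64496 even though no identifier was ever sent; exposing the device identifier identifies everyone, which is exactly the distinction the Identifier definition draws between an identifier (unique in context) and an attribute (possibly shared). The pseudonym column shows why pseudonymity is not anonymity: the service knows which records belong to one pseudonym, so its anonymity sets are always of size 1, while an observer who sees only the other columns may still have a set larger than one.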
