Modelling Public/Private Locations in DPV
published:
by Harshvardhan J. Pandit
is part of: Data Privacy Vocabulary (DPV)
DPV DPVCG semantic-web Working Note
See previous working note on this topic. These are the working notes for adding location concepts to DPV. See issue#209 for tracking this work.
In the previous DPVCG meeting we discussed public and private locations. An important consideration is how to model the mixture of the two, such as private parks open to the public, or lobbies of hotels which any member of the public can access but which are private (i.e. privately owned). The previous working note provided the rationale for representing such 'mixed' locations, given their implications on privacy and on the obligations under laws such as GDPR.
Arthit pointed out the existence of Privately Owned Public Space (POPS), which also has a Wikipedia article and is defined as follows. The 'citation needed' aspect is not ideal: it means we must further research this description and find a suitable source to ensure we are modelling the concept correctly.
While privately owned public space as a term of art refers specifically to private property required to be usable by the public under zoning or similar regulatory arrangements, the phrase in its broadest sense can refer to places, like shopping malls and hotel lobbies, that are privately owned and open to the public, even if they are not legally required to be open to the public.[citation needed]
Under GDPR, the most relevant guidance would be for CCTVs which record specific locations and which might cover private/public spaces. The Irish Data Protection Commission's (DPC) Guidance for use of CCTV provides the following description: "This guidance is intended to assist owners and occupiers of premises, in particular those that are workplaces or are otherwise accessible to the public, to understand their responsibilities and obligations regarding data protection when using CCTV". Further, it points to GDPR's DPIA requirement in Article 35(3)(c), which covers "systematic monitoring of a publicly accessible area on a large scale", where the phrase of importance is Publicly Accessible Area, which is distinct from Private Area or Public Space. Example 1 in the DPC's guidance on CCTV concerns a shopkeeper who has a CCTV that covers the "publicly accessible area of the shop ..., and the till area where staff are at risk of robbery". This implies that the shop area where customers browse and purchase goods fits the criteria for 'publicly accessible area' even though the shop itself is privately owned. Example 2 in the same document concerns a private warehouse that isn't accessible to the public and therefore does not fit the criteria above.
The AI Act Recital 19 provides more specific clarifications on the concept of Publicly Accessible Space: if access is restricted to a determined set of persons then it is not a publicly accessible space; offices/workplaces are similarly not included; some spaces mix public and non-public parts; and online spaces are not covered. The text below is of interest for our context.
For the purposes of this Regulation the notion of ‘publicly accessible space’ should be understood as referring to any physical space that is accessible to an undetermined number of natural persons, and irrespective of whether the space in question is privately or publicly owned, irrespective of the activity for which the space may be used ... A space should also be classified as being publicly accessible if, regardless of potential capacity or security restrictions, access is subject to certain predetermined conditions which can be fulfilled by an undetermined number of persons, such as the purchase of a ticket or title of transport, prior registration or having a certain age. ... Some other spaces may comprise both publicly accessible and non-publicly accessible spaces, such as the hallway of a private residential building necessary to access a doctor’s office or an airport. Online spaces are not covered, as they are not physical spaces.
From the above, it seems that Publicly Accessible Area in GDPR and Publicly Accessible Space in the AI Act are the same concept. It is puzzling why they use two different terms, Space and Area, which are bound to cause confusion and delay correct interpretations. Further, there are uses of Space and Place where it might be implied that space is broader (e.g. land) and place is narrower (e.g. park, building). There may also be implications of ownership, e.g. Public Place is something 'owned' by the public. These inconsistent uses of the terms can cause misinterpretations and incorrect applications. To prevent these, it might be prudent to make the implication explicit, e.g. Publicly Accessible Space and Publicly Owned Space as specific kinds of Public Space.
The same goes for private locations, but at this point there is no meaningful difference between privately accessible and privately owned, unless we are talking about membership, e.g. a worker accessing a warehouse as a privately accessible space; yet any privately accessible space would by definition also be privately owned, so the distinction is moot. Still, it would be beneficial to define Private Space with a distinction for Privately Owned Space, so as to distinguish areas that are 'private' for reasons other than being 'privately owned', such as a private room that is owned by someone else but which is currently the 'private domain' of its occupant.
There are also uses of the term "semi-public space", such as in D4.4 Protection of public spaces: Manual for EU - PRoTECT project, which describes it as "... some public spaces are semi-public spaces and are privately-owned or privately-operated spaces (e.g., train/ metro stations, shopping malls)". This use of Semi-Public seems compatible with the above use of privately owned public space, but adds the important distinction of public spaces operated by private entities (i.e. Privately Operated Space). This adds another dimension to public spaces: who operates them, a public or a private entity. For example, the parks department using CCTVs to monitor parks is quite different from the parks department contracting a private entity to monitor the parks. The same implications arise in another example: a train station operated by a private entity, which is still a public place.
Similarly for Private Space, another dimension is the nature of the entity to which the space is private, and the operational context for which the location exists. For example, a privately owned shop can have an individual or an organisation as its owner, and the shop as a private space is open to the public in the course of a commercial activity. In comparison, private space for an individual could refer to their home (which they own, rent, or are currently staying at) as well as to the 'space surrounding them' which is considered their 'private sphere' (such as when someone comes within it to argue/fight). Such private space for individuals can be better distinguished as a Personal Space as it relates to a specific person. By extension, we also have Communal Spaces which extend to several persons but are still defined in the context of individuals (now as a group).
Based on the above, we have the following proposed modelling of locations, which focuses on providing familiar terms but then aims to make contextual interpretations more explicit and to promote explicit representation of facts/information:
- PrivateSpace - a space that is owned or controlled by a private entity and where access for members of the public is restricted.
  - PersonalSpace - a private space associated with an individual in a personal capacity, such as their home or the space around their physical person, e.g. my home or my room.
  - PrivatelyOwnedPlace - a place that is privately owned, e.g. offices, malls.
  - SemiPrivateSpace - a private space that acts as a shared space with other entities but which is still essentially private, e.g. a semi-private hospital room shared with another patient.
  - PrivateCommunalSpace - a space that is accessible to a group or a community within a private space and where members of the public do not have access to it, e.g. society amenities such as gyms and pools.
- PublicSpace - any space that is accessible to the public or is owned by the public (note: this is distinct from government ownership, which can exclude public access from the place).
  - PubliclyAccessibleSpace - a space that is accessible to all members of the public, e.g. parks, malls, train stations. (note: this concept should be expanded in the EU-AIAct extension with the Recital 19 definition.)
  - PubliclyOwnedSpace - a space that is owned by the public, e.g. national parks, forests.
- SemiPublicSpace - a hybrid space, i.e. it has both public and private components, such as by having part of it be a private space or by being operated privately.
  - PrivatelyOwnedPublicPlace - a space that is privately owned but which is accessible and usable by the public, whether freely or through a process which is open to all members of the public, e.g. hotel lobby, shopping mall atriums. (note: this extends PubliclyAccessibleSpace and PrivatelyOwnedPlace.)
  - PrivatelyOperatedPublicPlace - a space that is operated or managed by a private entity but which is accessible to the public, e.g. a public bus station operated by a specific company. (note: this extends PubliclyAccessibleSpace and not PublicSpace.)
Based on the above categorisations, specific additional physical locations such as Home, Office/Workplace, ShoppingMall, TrainStation, BusStation, School, etc. can be modelled by combining different concepts. They can also be expanded into a hierarchy to describe specific variations, e.g. PrivateSchool as an extension of School and PrivatelyOwnedPlace.
The above modelling also works for VirtualLocation, though it would need a different set of concepts relating to control over the location. For example, a browser's cookie storage is technically a WithinBrowser location which is a PrivateSpace, but it is the website provider(s) that have any real meaningful control over using it. So, similar to how we distinguish public spaces by who operates them to create SemiPublicSpace, or how we have PrivatelyOwnedPublicPlace, we should have similar categorisations for virtual locations based on the notions of privacy and control. This follows the reasoning of laws such as the ePrivacy Directive (ePD), which consider user devices as private spaces and therefore place obligations on those storing or accessing information on them.
NOTE: the ePD does not require consent if the app is doing its business as expected (i.e. what is strictly necessary for the service the user requested); it is only for deviating from this that consent is needed, and the criteria for valid consent are established in GDPR. Therefore what we are aiming to distinguish here is the notion of a private virtual location and who 'operates' it, the individual or another entity, so that we can have a meaningful distinction similar to what we have for publicly owned places and privately operated public spaces.
In any private sphere, there is a meaningful distinction between what is private and what is external to the private aspects. For example, if you are at your home, a private location, a visitor coming to your home is an external actor who must be allowed to enter (otherwise they are trespassing). Similarly, if a virtual location is a private place, then any external access to the location must be with some implied or established form of enablement or permission. In the case of web browsers and software apps, enablement refers to the hardware and software enabling this type of access (e.g. downloading external resources and executing them), and permission refers to the inclusion of the user in the decision-making process (e.g. should location be shared with this app/website?).
In the case of cookies, even though there might be some 'permission' to allow their use, the end result is much like the establishment of a 'private space within another private space', as we see in a shopping mall where the mall owners/operators allow the setting up of a 'private shop', which is effectively a private area within a private area: the shop owners/operators control everything within the shop and the mall owners/operators have no say in it. The question thus becomes how to distinguish a 'private virtual location' that is under the entity's control from a 'private virtual location within a private virtual location' that is not. One possibility is to model PrivateVirtualLocation and then to extend it as ExternallyManagedVirtualLocation, which enables distinguishing when someone else is controlling a 'private space'.
Using the above, we can represent how a user's device, though "virtual" and their "private location", has components that are "externally managed" and thus not under their control. This represents information that determines privacy implications and thus furthers the aims of DPV. Here it is important to note that being externally managed does not preclude the user or individual from exerting control over it; it only states that another entity has influence or power over a private place. Much like the mall owner/operator, we too can 'kick out' the cookies or prevent them from being set up in the first place. But unfortunately we cannot dictate everything that goes on 'with/within' them, and we certainly aren't profiting from 'leasing our space' (and personal data). But that's a problem for another time and another working note. For now we focus on how to represent locations so as to capture such aspects.
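As an added example, not code or vocabulary from DPV or the DPVCG, the following Python encodes the taxonomy proposed above (the physical PrivateSpace/PublicSpace/SemiPublicSpace groups and the PrivateVirtualLocation/ExternallyManagedVirtualLocation extension for cookies) as rdfs:subClassOf assertions, computes the entailed types of a few constructed instances, and applies the two checks discussed on this page: the GDPR Article 35(3)(c) "publicly accessible area" trigger, which turns on accessibility rather than ownership, and the "private but externally managed" reading of cookie storage. The ex: namespace, the PhysicalLocation/VirtualLocation parents, the placement of the hybrid concepts under SemiPublicSpace, the properties hasOwner/hasOperator/isManagedBy/isWithin, and all instance names are assumptions for illustration.

```python
# Added example, not DPV's own code or vocabulary. Stdlib only.
# Assumptions (hypothetical): the ex: namespace, the PhysicalLocation and
# VirtualLocation parents, the hybrid concepts sitting under SemiPublicSpace,
# the properties hasOwner/hasOperator/isManagedBy/isWithin, and all instances.
EX = "https://example.org/dpv-locations#"  # hypothetical namespace

# Concept -> direct parents (rdfs:subClassOf), following the proposed list.
SUBCLASS_OF = {
    "Location": [],
    "PhysicalLocation": ["Location"],
    "VirtualLocation": ["Location"],
    # private
    "PrivateSpace": ["PhysicalLocation"],
    "PersonalSpace": ["PrivateSpace"],
    "PrivatelyOwnedPlace": ["PrivateSpace"],
    "SemiPrivateSpace": ["PrivateSpace"],
    "PrivateCommunalSpace": ["PrivateSpace"],
    # public: accessibility and ownership are separate axes
    "PublicSpace": ["PhysicalLocation"],
    "PubliclyAccessibleSpace": ["PublicSpace"],
    "PubliclyOwnedSpace": ["PublicSpace"],
    # hybrids: multiple inheritance carries both readings at once
    "SemiPublicSpace": ["PhysicalLocation"],
    "PrivatelyOwnedPublicPlace": ["SemiPublicSpace", "PubliclyAccessibleSpace", "PrivatelyOwnedPlace"],
    "PrivatelyOperatedPublicPlace": ["SemiPublicSpace", "PubliclyAccessibleSpace"],
    # virtual
    "PrivateVirtualLocation": ["VirtualLocation"],
    "ExternallyManagedVirtualLocation": ["PrivateVirtualLocation"],
}

# Constructed instances (hypothetical names and properties).
INSTANCES = {
    "HotelLobby": {"types": ["PrivatelyOwnedPublicPlace"], "hasOwner": "HotelCo"},
    "PrivateWarehouse": {"types": ["PrivatelyOwnedPlace"], "hasOwner": "LogisticsCo"},
    "CityPark": {"types": ["PubliclyOwnedSpace", "PubliclyAccessibleSpace"], "hasOperator": "ParksDept"},
    "MetroStation": {"types": ["PrivatelyOperatedPublicPlace"], "hasOperator": "TransitCo"},
    "UserBrowser": {"types": ["PrivateVirtualLocation"], "isManagedBy": "User"},
    "AdCookieJar": {"types": ["ExternallyManagedVirtualLocation"], "isWithin": "UserBrowser", "isManagedBy": "AdNetwork"},
}


def superclasses(concept):
    """Transitive closure over rdfs:subClassOf (what an RDFS reasoner infers)."""
    seen, stack = set(), list(SUBCLASS_OF[concept])
    while stack:
        parent = stack.pop()
        if parent not in seen:
            seen.add(parent)
            stack.extend(SUBCLASS_OF[parent])
    return seen


def is_a(concept, ancestor):
    return concept == ancestor or ancestor in superclasses(concept)


def inferred_types(name):
    """Asserted types of an instance plus everything they entail."""
    types = set()
    for t in INSTANCES[name]["types"]:
        types.add(t)
        types |= superclasses(t)
    return types


def art35_3c_trigger(name, systematic, large_scale):
    """GDPR Art. 35(3)(c): systematic, large-scale monitoring of a publicly
    accessible area. Ownership is irrelevant, so a privately owned lobby
    qualifies while a closed warehouse does not."""
    return systematic and large_scale and "PubliclyAccessibleSpace" in inferred_types(name)


def private_but_externally_managed(name):
    """The cookie case: a private virtual location that another entity controls."""
    types = inferred_types(name)
    return "PrivateVirtualLocation" in types and "ExternallyManagedVirtualLocation" in types


def to_turtle():
    """Serialise taxonomy and instances as Turtle for loading into a triple store."""
    out = [f"@prefix ex: <{EX}> .",
           "@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .",
           "@prefix owl: <http://www.w3.org/2002/07/owl#> ."]
    for concept, parents in SUBCLASS_OF.items():
        out.append(f"ex:{concept} a owl:Class .")
        out.extend(f"ex:{concept} rdfs:subClassOf ex:{p} ." for p in parents)
    for name, props in INSTANCES.items():
        out.extend(f"ex:{name} a ex:{t} ." for t in props["types"])
        out.extend(f"ex:{name} ex:{k} ex:{v} ." for k, v in props.items() if k != "types")
    return "\n".join(out)


if __name__ == "__main__":
    for name in INSTANCES:
        print(name, sorted(inferred_types(name)))
    print("DPIA trigger, lobby CCTV:", art35_3c_trigger("HotelLobby", True, True))
    print("DPIA trigger, warehouse CCTV:", art35_3c_trigger("PrivateWarehouse", True, True))
    print("cookie jar private but externally managed:", private_but_externally_managed("AdCookieJar"))
    print(to_turtle())
```

Two things worth noticing when running it: the hotel lobby is entailed to be both a PrivateSpace (via PrivatelyOwnedPlace) and a PubliclyAccessibleSpace, which is exactly the mixed status the DPC's shopkeeper example relies on, while a PubliclyOwnedSpace on its own does not entail PubliclyAccessibleSpace, matching the note that public ownership does not guarantee public access. With PubliclyAccessibleSpace placed under PublicSpace, PrivatelyOperatedPublicPlace is transitively a PublicSpace as well; if that entailment is unwanted, the accessibility axis would have to sit beside PublicSpace rather than under it.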
The thoughts around modelling private and externally managed locations in context of cookies have been shaped through numerous discussions thanks to Georg P. Krog and Mark Lizar, both within and outside of the activities of the DPVCG.