Definition of the notion "Privacy"

[OliverPfaff]

The notion "privacy" (@Terminology) should be defined explicitly to avoid common pitfalls such as:

• Confusion between privacy (right of a individual to...) vs. secrecy (confidentiality for data...)
• Confusion on whether to include/exclude industrial systems in e.g. IIoT (legal entity-owned systems, absence of human actors [at least during operations])

[ereshetova]

We had this long problem with privacy definition because we didn't want to redefine the wheel again, and I think now privacy as well as security as terms are defined in the main architecture document. However, we do need to update the privacy section now in this doc since there has been many discussions about it and we got additional requirements, etc. Maybe we can explicitly point to these definitions from privacy section also.

[mmccool]

Right now, we use the ISO definition for Privacy, but I find it a little weak, since it refers to "private information" which seems circular. Maybe there is a deeper ISO definition (eg. of "private") that we can refer to; we should investigate further. We could also put this question to the Privacy IG.

[mmccool]

I have assigned myself to work on this; I think the next step should be to ask the Privacy IG for a definition or a reference we can use.