13:51:33 <RRSAgent> RRSAgent has joined #dpvcg
13:51:33 <RRSAgent> logging to https://www.w3.org/2018/09/18-dpvcg-irc
13:51:35 <trackbot> RRSAgent, make logs public
13:51:35 <Zakim> Zakim has joined #dpvcg
13:51:37 <trackbot> Meeting: Data Privacy Vocabularies and Controls Community Group Teleconference
13:51:37 <trackbot> Date: 18 September 2018
13:52:08 <Bert> agenda: https://www.w3.org/mid/FF0D259C-CCAA-49D6-9AEB-9D259E0832A1@wu.ac.at
13:52:09 <agendabot> clear agenda
13:52:09 <agendabot> agenda+ Roll call, select scribe, agenda
13:52:09 <agendabot> agenda+ Approval of last telcon's minutes:
13:52:09 <agendabot> agenda+ Go through action items
13:52:09 <agendabot> agenda+ Harsh's mail on how to structure what we collected so far:
13:52:12 <agendabot> agenda+ Plan next meeting(s) and revisit timeline.
13:52:14 <agendabot> agenda+ AOB
13:55:47 <Bert> chair: Bert
13:56:24 <Bert> RRSAgent, make minutes v2
13:56:24 <RRSAgent> I have made the request to generate https://www.w3.org/2018/09/18-dpvcg-minutes.html Bert
13:57:06 <simonstey> simonstey has joined #dpvcg
13:59:47 <Ramisa> Ramisa has joined #dpvcg
14:01:03 <Bert> present+
14:01:36 <AxelPollleres> AxelPollleres has joined #dpvcg
14:01:39 <simonstey> present+
14:02:23 <stefano> stefano has joined #dpvcg
14:02:26 <Bert> zakim, agenda?
14:02:26 <Zakim> I see 6 items remaining on the agenda:
14:02:27 <Zakim> 1. Roll call, select scribe, agenda [from agendabot]
14:02:27 <Zakim> 2. Approval of last telcon's minutes: [from agendabot]
14:02:27 <Zakim> 3. Go through action items [from agendabot]
14:02:27 <Zakim> 4. Harsh's mail on how to structure what we collected so far: [from agendabot]
14:02:27 <Zakim> 5. Plan next meeting(s) and revisit timeline. [from agendabot]
14:02:28 <Zakim> 6. AOB [from agendabot]
14:05:01 <Javier> Javier has joined #dpvcg
14:06:42 <stefano> do you need to assign me as a scribe?
14:07:08 <Bert> scribenick: stefano
14:07:48 <stefano> Bert asks whether there are more items for the agenda, no items added
14:08:13 <simonstey> +1
14:08:14 <stefano> No comments on the previous meeting's minutes
14:09:30 <stefano> action items: action "Add some overview of SPECIAL use case(s)" for Bert is half done
14:09:30 <trackbot> Error finding 'items'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.
14:09:38 <stefano> still on progress
14:10:08 <Bert> close action-9
14:10:08 <trackbot> Closed action-9.
14:10:41 <stefano> Action Nr. 9: Axel talked to Stefan Dekker but the action is not concluded yet
14:10:41 <trackbot> Error finding 'Nr.'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.
14:11:37 <stefano> About Action 12: Simon has already worked at the requirements templates some weeks ago
14:11:43 <Bert> action-12?
14:11:43 <trackbot> action-12 -- Simon Steyskal to Look over requirements template -- due 2018-08-14 -- OPEN
14:11:43 <trackbot> https://www.w3.org/community/dpvcg/track/actions/12
14:12:13 <simonstey> https://www.w3.org/community/dpvcg/wiki/Template_for_requirements
14:12:38 <stefano> The action has been discussed in a previous meeting, unclear why still open
14:13:07 <Bert> close action-12
14:13:07 <trackbot> Closed action-12.
14:13:54 <stefano> About Action 14: Axel still needs to follow up with contact with IEEE 7012
14:14:13 <harsh> harsh has joined #dpvcg
14:14:59 <stefano> About Action 17: Axel would like to decide what we want to build a vocabulary for, this is listed in the charter, this would be categories of data, purposes and processing
14:15:34 <stefano> Axel would like people would clarify their thoughts on these 3 points, since these are core points at least for a start
14:16:04 <stefano> it would be good to read the use cases in this light, so to categorize it according to the three above-mentioned points
14:16:41 <stefano> Axel is unsure about what more we need as far as requirements are concerned, more than what we already have or could get from what we have now
14:17:09 <stefano> also interesting categorisation of Data Controllers, but this is secondary
14:18:24 <simonstey> is data controller == data processor?
14:18:37 <stefano> No, it is different
14:20:26 <simonstey> +q
14:20:58 <stefano> Stefano proposes to add storage location, security and time of storage
14:21:08 <Bert> ack sim
14:22:36 <stefano> Simon asks whether we want to talk about data processors as well
14:23:39 <simonstey> https://www.gdpreu.org/the-regulation/key-concepts/data-controllers-and-processors/
14:24:40 <stefano> Axel proposes to close the list of categories and start examining the use cases
14:25:48 <stefano> About Action 18: Stefano had a look at one use case from Mydata but more work needs to be done
14:26:29 <Bert> close action-22
14:26:29 <trackbot> Closed action-22.
14:26:59 <stefano> Action 22: Nobody is going to the conference from the DECODE project
14:26:59 <trackbot> Error finding '22'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.
14:27:59 <AxelPollleres> PROPOSED: This is the initial requirements we want to cover in DPVCG
14:27:59 <AxelPollleres> * GDPR Terminology:
14:28:01 <AxelPollleres>     * agreed definition data controller
14:28:02 <AxelPollleres>     * agreed definition data processor
14:28:04 <AxelPollleres>     * agreed definition data recipient
14:28:05 <AxelPollleres>     * agreed definition data subject
14:28:07 <AxelPollleres> * We want to define hierarchical taxonomies (backed by use cases) of
14:28:08 <AxelPollleres>     * categories of personal data
14:28:10 <AxelPollleres>     * (personal data handling) purposes
14:28:11 <AxelPollleres>     * processing categories
14:28:13 <AxelPollleres>     * categories of data controllers, processors, recipients (optional)
14:28:14 <AxelPollleres>     * storage locations
14:28:15 <AxelPollleres>     * security measures
14:28:16 <AxelPollleres>     * storage duration
14:29:58 <harsh> +q
14:30:05 <Bert> ack har
14:30:28 <harsh> no audio :(
14:30:34 <harsh> I'll type instead
14:31:05 <harsh> Should we be comprehensive about ALL terms in the context of GDPR compliance? e.g. data source, consent & how it was given, etc.
14:31:06 <stefano> Javier: In Vienna there was a comment about anonymisation of personal data
14:31:23 <AxelPollleres> s/security measures/security measures (incl. e.g. anonymisation "levels")
14:31:47 <stefano> This might be included in the security category
14:33:21 <stefano> Pseudoanonymisation is explicitly mentioned as security measure in the GDPR
14:34:26 <AxelPollleres> q+
14:34:35 <Bert> ack ax
14:34:48 <stefano> Stefano: consent should be covered for GDPR
14:35:30 <stefano> Axel: we need to formalise consent, this is the reason why he proposed the categories already mentioned
14:35:56 <stefano> Stefano: I think we can start with what Axel proposes
14:36:49 <AxelPollleres> Axel: I'd be happy to take it from there if we think that this list is not enough to formalize consent (happy to open an issue for that along with the proposal
14:38:10 <stefano> Harsh proposes to have a different section on the discussion regarding terms such as consent, to have a place where the different meaning are listed so they can be referred back to
14:38:25 <stefano> This section would be on the wiki
14:39:24 <stefano> Harsh is willing to start this section
14:40:24 <stefano> ACTION to Harsh: create a section about different terms on the wiki
14:40:24 <trackbot> Error finding 'to'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.
14:41:26 <stefano> SImon: we can explicitly indicate that the list could be expanded in the future
14:41:54 <AxelPollleres> PROPOSED: This is an initial non-comprehensive list of GDPR Terminology terms, we want to define/agree upon in DPVCG (we might extend this list upon additional proposals):
14:41:55 <AxelPollleres>     * agreed definition data controller
14:41:56 <AxelPollleres>     * agreed definition data processor
14:41:58 <AxelPollleres>     * agreed definition data recipient
14:41:59 <AxelPollleres>     * agreed definition data subject
14:41:59 <AxelPollleres>     * agreed definition consent
14:42:11 <simonstey> +1
14:42:13 <AxelPollleres> +1
14:42:18 <harsh> +1
14:42:34 <stefano> +1
14:42:36 <harsh> q+
14:42:39 <Bert> +1
14:42:39 <AxelPollleres> +1
14:42:48 <Ramisa> +1
14:42:49 <Bert> ack ha
14:43:58 <stefano> harsh: should compliance be included? Axel: the notion should be put in a separete proposal
14:44:04 <stefano> harsh: should compliance be included? Axel: the notion should be put in a separate proposal
14:44:36 <Javier> +1
14:44:48 <AxelPollleres> RESOLVED: This is an initial non-comprehensive list of GDPR Terminology terms, we want to define/agree upon in DPVCG (we might extend this list upon additional proposals):
14:44:48 <AxelPollleres>     * agreed definition data controller
14:44:50 <AxelPollleres>     * agreed definition data processor
14:44:51 <AxelPollleres>     * agreed definition data recipient
14:44:52 <AxelPollleres>     * agreed definition data subject
14:44:53 <AxelPollleres>     * agreed definition consent
14:45:00 <AxelPollleres> PROPOSED: We want to the define the following hierarchical taxonomies (backed by use cases), where again we might extend this list upon additional proposals):
14:45:01 <AxelPollleres>     * categories of personal data
14:45:02 <AxelPollleres>     * (personal data handling) purposes
14:45:04 <AxelPollleres>     * processing categories
14:45:05 <AxelPollleres>     * categories of data controllers, processors, recipients (optional)
14:45:07 <AxelPollleres>     * storage locations
14:45:08 <AxelPollleres>     * security measures (including e.g. anonymisation "levels", pseudonymisation)
14:45:09 <AxelPollleres>     * storage duration
14:45:10 <AxelPollleres> +1
14:45:14 <harsh> +1
14:45:18 <simonstey> +1
14:45:19 <Javier> +1
14:45:24 <Ramisa> +1
14:45:25 <stefano> +1
14:45:35 <Bert> +1
14:45:58 <AxelPollleres> RESOLVED: We want to the define the following hierarchical taxonomies (backed by use cases), where again we might extend this list upon additional proposals):
14:45:59 <AxelPollleres>     * categories of personal data
14:46:00 <AxelPollleres>     * (personal data handling) purposes
14:46:02 <AxelPollleres>     * processing categories
14:46:03 <AxelPollleres>     * categories of data controllers, processors, recipients (optional)
14:46:04 <AxelPollleres>     * storage locations
14:46:05 <AxelPollleres>     * security measures (including e.g. anonymisation "levels", pseudonymisation)
14:46:06 <AxelPollleres>     * storage duration
14:46:31 <stefano> +q
14:46:40 <Bert> ack ste
14:47:50 <harsh> +q
14:47:57 <Bert> ack ha
14:48:26 <stefano> Stefano: compliance is not something that you can self-assess and assign to your case
14:49:01 <stefano> Harsh: some terms related to compliance such as transparence could be relevant to the group
14:49:57 <stefano> Axel: we need to define what needs to be defined in a machine-readable manner, for his minimalistic view this is not needed at this stage, but if there is a use case for it it can be included
14:50:30 <stefano> harsh: data subject rights are important, should this be included?
14:50:48 <stefano> q+
14:51:58 <AxelPollleres> ISSUE: do we need to formulate a notion of compliance in scope of the CG?
14:51:59 <trackbot> Created ISSUE-2 - Do we need to formulate a notion of compliance in scope of the cg?.  Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/2/edit>.
14:52:17 <AxelPollleres> ISSUE: do we want to revisit a definition of "GDPR rights" in our definitions and taxonomies?
14:52:17 <trackbot> Created ISSUE-3 - Do we want to revisit a definition of "gdpr rights" in our definitions and taxonomies?.  Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/3/edit>.
14:52:28 <Bert> ack stef
14:53:27 <simonstey> q+
14:54:00 <AxelPollleres> stefano: e.g. right to be forgotten, how can it be executed/enforced
14:54:34 <Bert> ack sim
14:55:35 <stefano> Simon: there could be ways to express already rights for example in terms of permissions using e.g. ODRL
14:55:48 <Bert> q?
14:57:28 <stefano> Javier: how do you want to collect the different items, one per page? Axel: we could think in terms of questions, that should be answered per use case, and give us a start
14:57:36 <harsh> q+
14:57:45 <AxelPollleres> Axel: need to run ... I would like to talk about next time on in how far in our use cases we have collected so far cover the aspects we have now agree upon, in terms of concrete questions that should be answred per use case.
14:57:55 <Bert> ack har
14:58:13 <stefano> harsh: suggestion for having a small example to get people started
14:58:19 <stefano> Axel will try to do so
14:58:53 <AxelPollleres> ACTION: Axel to formulate a use case to exemplify what I proposed today :-) (categorization along the categories and terminology we agreed upon today)
14:58:53 <trackbot> Created ACTION-24 - Formulate a use case to exemplify what i proposed today :-) (categorization along the categories and terminology we agreed upon today) [on Axel Polleres - due 2018-09-25].
14:59:13 <AxelPollleres> needed to run, sorry
14:59:17 <AxelPollleres> thanks all!
14:59:47 <stefano> Bert ask whether there are more points to discuss, but this is it for today, next call in 2 weeks
15:00:19 <harsh> thank you && good day : )
15:00:25 <Ramisa> Thanks
15:05:24 <AxelPollleres> AxelPollleres has joined #dpvcg
15:14:44 <AxelPollleres> AxelPollleres has joined #dpvcg
15:28:05 <AxelPollleres> AxelPollleres has joined #dpvcg
15:40:46 <AxelPollleres> AxelPollleres has joined #dpvcg
15:44:44 <AxelPollleres> AxelPollleres has joined #dpvcg
15:54:22 <AxelPollleres> AxelPollleres has joined #dpvcg
16:05:13 <AxelPollleres> AxelPollleres has joined #dpvcg
16:29:58 <AxelPollleres> AxelPollleres has joined #dpvcg
16:37:13 <AxelPollleres> AxelPollleres has joined #dpvcg
16:43:55 <harsh> harsh has joined #dpvcg
16:44:13 <AxelPollleres> AxelPollleres has joined #dpvcg