– DRAFT –
dpvcg
06 November 2018
<AxelPollleres> Hello everybody!
<Urosh> Hi all
<Urosh> Where can we find the link for the call?
<Eva> https://mit.webex.com/mit/j.php?MTID=m58820d34eca4f9e04cd99547751d1c12
<Urosh> the one provided in the email asks for login credentials
<Urosh> thanks!
<Eva> Meeting numbe ris 317 247 878
<AxelPollleres> PROPOSED: approve last call's minutes https://www.w3.org/2018/10/16-dpvcg-minutes
<harsh> +1
<AxelPollleres> +1
<stefano> +1
Resolved: approve last call's minutes https://www.w3.org/2018/10/16-dpvcg-minutes
<AxelPollleres> https://www.w3.org/community/dpvcg/track/actions/open
Action: axel to contact michael markevich on ACTION-6
<trackbot> Created ACTION-31 - Contact michael markevich on action-6 [on Axel Polleres - due 2018-11-13].
<stefano> who is the scribe?
<AxelPollleres> close ACTION-7
<trackbot> Closed ACTION-7.
<MarkLizar> Hello
<AxelPollleres> ACTION-11 continued
<AxelPollleres> ACTION-14 continued
<AxelPollleres> close ACTION-17 with the conclusion that we do at the moment not focus on rediscussing requirements
<AxelPollleres> close ACTION-17
<trackbot> Closed ACTION-17.
<AxelPollleres> ACTION-19 continued
<AxelPollleres> close ACTION-23
<trackbot> Closed ACTION-23.
<AxelPollleres> close ACTION-24
<trackbot> Closed ACTION-24.
<AxelPollleres> close ACTION-26
<trackbot> Closed ACTION-26.
<AxelPollleres> ACTION-27 continued
<AxelPollleres> close ACTION-28
<trackbot> Closed ACTION-28.
<AxelPollleres> close ACTION-30
<trackbot> Closed ACTION-30.
<AxelPollleres> ACTION-29 continued
AxelPolleres: Next points on the agenda, to discuss progress since last time. There has been some discussion on lawfulness for processing.
<AxelPollleres> … rigo's image: https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/att-0002/GDPR-taxonomy.pdf
AxelPolleres: Started in the mail thread (link shared
Eva: It would be good to inform the community about Rigo's email.
link to Rigo's email https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/0002.html
<Sabrina> The meeting / discussion happened at the SPECIAL consortium meeting in London
Eva: The email (has an attachment). Axel, Rigo and I met last week, and we were discussing lawfulness of processing, and Rigo said we should try to convey what a lawyer would look at first when auditing the legality of processing. Perhaps we can display the steps of what the auditor would map/show (?). That was Rigo's first attempt, but I will probably do one as well.
Eva: To see which kind of elements a lawyer would look at in the context of the GDPR
<Sabrina> clarification: The whole consortium were involved in the discussion not just Eva, Rigo and Axel
AxelPolleres: The discussion was around the second layer of the tree (see attachment in Rigo's email). On the other hand, there was discussion where several people have replied via email. Can Eva and Rigo summarise these discussions?
Eva: We can do that. However, I can get around to it only in the next week.
Action: Eva (and Rigo) to summarize the discussion for legitmation of data processing and come up with a first proposal of categories
<trackbot> Created ACTION-32 - (and rigo) to summarize the discussion for legitmation of data processing and come up with a first proposal of categories [on Eva Schlehahn - due 2018-11-13].
AxelPolleres: Next on the agenda, consent and competency consent
<AxelPollleres> Elements of consent/competency questions for consent https://lists.w3.org/Archives/Public/public-dpvcg/2018Oct/0025.html <https://lists.w3.org/Archives/Public/public-dpvcg/2018Oct/0025.html>, https://lists.w3.org/Archives/Public/public-dpvcg/2018Oct/0038.html <https://lists.w3.org/Archives/Public/public-dpvcg/2018Oct/0038.html> -> I would like to task someone to summarize these and make a proposal to the group we can discuss, e.g. based on what [CUT]
<AxelPollleres> in the minutes last time:
<AxelPollleres> consent = agreement through an [affirmative action] at a specific [time] with a [data controller] to specific [processing] and [storage] of specific [data categories] for specific [purpose] and [duration]
<AxelPollleres> which of these aspects are similarly relevant for other forms of legitmation than consent?
AxelPolleres: There was discussion on elements on consent, there were some mails. In our last call, we got some attributes for what consent, which is an affirmative action (...) from email. The things in the square attributes would be the attributes, are we missing some attributes? There was some discussion on the mailing list. Someone needs to summarise these to see if we need more refined definitions.
AxelPolleres: As someone said, storage is also a kind of processing, but has advantages in having a special status.
Javier: It is missing the Data Subject
<AxelPollleres> Niklas: [data subject] is missing
AxelPolleres: This is related to the action to Eva and Rigo. These attributes would hold for other forms of legal basis / lawfulness?
harsh: Time and duration might be relevant
harsh: had a go on attributes relevant for attributes on other legitimation
MarkLizar: I've been working on parameters of consent, I can provide some input regarding that
AxelPolleres: Harsh and Mark, can you summarise this? To give us a summary of the discussion? To review these by the group. The current definition could be "agreement by .. a data subject".
<AxelPollleres> Mark: can provide input on that.
<AxelPollleres> consent = agreement by a [data subject[ through an [affirmative action] at a specific [time] with a [data controller] to specific [processing] and [storage] of specific [data categories] for specific [purpose] and [duration]
harsh: I can add these to the wiki
MarkLizar: We have just written the GDPR version and added the elements, what is not clear, is regarding delegation of consent, sub-processing, the scope of consent. These things are missing in the definitions.
Action: Harsh to summarize elements of consent from the mails and align with Mark Lizar on "concent receipt" definition (e.g. on delegation)
<trackbot> Created ACTION-33 - Summarize elements of consent from the mails and align with mark lizar on "concent receipt" definition (e.g. on delegation) [on Harshvardhan Pandit - due 2018-11-13].
MarkLizar: In a consent transaction, there is someone acting on the behalf of the consent, controller, etc. which is a delegation which is important to catch.
AxelPolleres: For e.g. consent for minors
MarkLizar: yes, consent for minor. A processor acting on the behalf of the controllor, or a trust provider acting on behalf of the regulator.
<AxelPollleres> MarkLizar: often third party involved, also on behalf of Data Controller.
<Javier> Axel: Please keep the discussion in the mailing list
<AxelPollleres> Axel: please keep the discussion on the mailinglist.
<Eva> I support this request, these are very important aspects Mark raised
AxelPolleres: How do we structure or order these (collected) categories?
<AxelPollleres> Axel: just lables there so far, definitions would be useful, anyway a great start.
<Eva> having trouble with the network connection, I apologize
AxelPolleres: the terms listed in the taxonomy are structured along different dimensions (such as scientific data). So we should ask what are these categories (to identify)?
MarkLizar: It has been difficult to find a consistent taxonomy or structure for categorisation (based on experience)
Action: Niklas to start structuring categories of personal data and involved dimensions together with Elmar and Harsh, Mark
<trackbot> Created ACTION-34 - Start structuring categories of personal data and involved dimensions together with elmar and harsh, mark [on Niklas Kirchner - due 2018-11-13].
MarkLizar: I can share some previous attempts that did not work
MarkLizar: GDPR has categories of controller, which are referenced lightly. We called them GDPR purpose categories, but they are different lists.
AxelPolleres: We are interested in different taxonomies for categories of data, processing, data subjects, etc. We have a starting point already. We should try to structure there, but we don't have these for the use-cases.
AxelPolleres: We should go through the use-cases, and task the owners (of use-case) to enter the applicable taxonomies (from email) to the use-case page.
AxelPolleres: This will allow us to cover the use-cases and to see if we are missing something. (suggested approach to go forward).
https://www.w3.org/community/dpvcg/wiki/Taxonomy
<AxelPollleres> https://www.w3.org/community/dpvcg/wiki/Taxonomy
AxelPolleres: For the approved categories, we should start focusing on these.
Action: Mark to add previous classifications to subpages of https://www.w3.org/community/dpvcg/wiki/Taxonomy
<trackbot> Created ACTION-35 - Add previous classifications to subpages of https://www.w3.org/community/dpvcg/wiki/taxonomy [on Mark Lizar - due 2018-11-13].
MarkLizar: I have a few reasons why these categories/lists don't work (to be adde to Taxnomy wiki)
AxelPolleres: Next on the agenda, use-cases. Do we have some use-case owner's on call.
<AxelPollleres> https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/0000.html points 1.-6. in the email
<Eva> Harald can try to do that proposed action on the public entities obligations use case he added to the wiki
<AxelPollleres> current use cases:
<AxelPollleres> https://www.w3.org/community/dpvcg/wiki/Use-Cases,_Requirements,_Vocabularies#Use-Cases
AxelPolleres: What we need (w.r.t use-cases) is more description based on the points in the email.
Action: Rudy to add points 1.-6. from https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/0000.html to https://www.w3.org/community/dpvcg/wiki/SPECIAL/Proximus_use_case
<MarkLizar> Apologies - I have to drop - as I am at a security conference in Brussels and have to participate.. - very nice pace Axel !!
<trackbot> Created ACTION-36 - Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html to https://www.w3.org/community/dpvcg/wiki/special/proximus_use_case [on Rudy Jacob - due 2018-11-13].
Action: MArtin to add points 1.-6. from https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/0000.html to https://www.w3.org/community/dpvcg/wiki/SPECIAL/DT_use_case
<trackbot> Error finding 'MArtin'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.
<Martin_K> I'm here and will tak the actions
<Martin_K> for some reasins audio did not work:(
<Martin_K> sorry for spelling errors
<Eva> Yes I have sometimes trouble with the audio as well
Action: Ben to add points 1.-6. from https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/0000.html to https://www.w3.org/community/dpvcg/wiki/SPECIAL/TR_use_case
<trackbot> Created ACTION-37 - Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html to https://www.w3.org/community/dpvcg/wiki/special/tr_use_case [on Benedict Whittam Smith - due 2018-11-13].
<Eva> Axel, I think you've skipped the public entities use case - this would be an action point for Harald
Action: Stefano to Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html to https://www.w3.org/community/dpvcg/wiki/DECODE/DEC01_use_case - https://www.w3.org/community/dpvcg/wiki/DECODE/DEC03_use_case
<trackbot> Created ACTION-38 - Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html to https://www.w3.org/community/dpvcg/wiki/decode/dec01_use_case - https://www.w3.org/community/dpvcg/wiki/decode/dec03_use_case [on Stefano Bocconi - due 2018-11-13].
Action: Elmar to add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html to https://www.w3.org/community/dpvcg/wiki/OwnYourData/Data_Donation
<trackbot> Created ACTION-39 - Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html to https://www.w3.org/community/dpvcg/wiki/ownyourdata/data_donation [on Elmar Kiesling - due 2018-11-13].
AxelPolleres: About F2F in December. Two days in December (3 or 5)
AxelPolleres: Would strongly prefer 3rd over 5th.
<AxelPollleres> Stefano, Ramisa would be able to dial in on the 3rd.
<Eva> At which time would we start on the 3rd?
AxelPolleres: Goal would be to progress on the things discussed today for coming up with a basis for the vocabulary.
<Sabrina> I have a lecture in the morning therefore I could not join until after lunch
<AxelPollleres> PROPOSED: F2F meeting at December third in Vienna at WU.
<AxelPollleres> +1
<simonstey> +1
<stefano> so it would be all day long meeting?
<AxelPollleres> niklas: +1
<Martin_K> +1
AxelPollleres: any objections to 3 dec?
<stefano> +1
<Javier> +1
<Eva> +1
<Martin_K> sorry, need to leave now. cu in Vienna dec 3rd
Resolved: F2F meeting at December third in Vienna at WU.
<Eva> Starting time?
<AxelPollleres> starting time 9am latest, I'd say.
<AxelPollleres> let's discuss details next time.
<stefano> bye
<AxelPollleres> adjourned.
<AxelPollleres> AOB please on mailinglist!