12:54:15 <RRSAgent> RRSAgent has joined #dpvcg
12:54:15 <RRSAgent> logging to https://www.w3.org/2019/02/12-dpvcg-irc
12:54:17 <trackbot> RRSAgent, make logs public
12:54:20 <trackbot> Meeting: Data Privacy Vocabularies and Controls Community Group Teleconference
12:54:20 <trackbot> Date: 12 February 2019
12:54:24 <Eva_Bud> Eva_Bud has joined #dpvcg
12:54:36 <harsh> harsh has joined #dpvcg
12:54:44 <Bert> regrets+ Martin
12:54:50 <Bert> chair: Axel
12:55:27 <agendabot> agendabot has joined #dpvcg
12:55:31 <Bert> agenda: https://www.w3.org/mid/EC031F3B-800F-40DF-9C37-D6B5041C8FCF@wu.ac.at
12:55:33 <agendabot> clear agenda
12:55:33 <agendabot> agenda+ Roll call, select scribe, agenda
12:55:33 <agendabot> agenda+ Approval of last telcon's minutes:
12:55:33 <agendabot> agenda+ Action items
12:55:35 <agendabot> agenda+ Issues
12:55:38 <agendabot> agenda+ Status of vocabularies/taxonomies
12:55:40 <agendabot> agenda+ AOB
12:56:10 <Bert> present+ Bert, Eva, Bud
12:56:19 <Bert> RRSAgent, make minutes v2
12:56:19 <RRSAgent> I have made the request to generate https://www.w3.org/2019/02/12-dpvcg-minutes.html Bert
12:56:57 <Bert> agenda?
12:57:22 <harsh> present+
13:00:22 <AxelPollleres> AxelPollleres has joined #dpvcg
13:00:30 <AxelPollleres> gimme a second, dialing.
13:00:39 <stefano> stefano has joined #dpvcg
13:01:41 <Ramisa> Ramisa has joined #dpvcg
13:01:49 <Fajar> Fajar has joined #dpvcg
13:01:59 <Bert> present+ Javier, Ramisa, Stefano
13:03:40 <Bert> present+ Axel
13:03:51 <AxelPollleres> scribe vounteers?
13:03:56 <Javier> Javier has joined #dpvcg
13:04:07 <AxelPollleres> scribe: javier
13:04:10 <stefano> I need to leave in ~35 min
13:04:44 <Bert> present+ Fajar
13:05:23 <AxelPollleres> PROPOSED: approve minutes from last call https://www.w3.org/2019/01/22-dpvcg-minutes
13:05:28 <harsh> +1
13:05:32 <Eva_Bud> +1
13:05:40 <Javier> +1
13:05:41 <Fajar> +1
13:05:46 <AxelPollleres> RESOLVED: approve minutes from last call https://www.w3.org/2019/01/22-dpvcg-minutes
13:05:55 <Ramisa> +1
13:06:14 <Javier> topic: action items
13:07:17 <AxelPollleres> ACTION: write an email to Michael Markevich on ACTION-6 and whether he still plans to join.
13:07:17 <trackbot> Error finding 'write'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.
13:07:35 <AxelPollleres> ACTION: Axel to write an email to Michael Markevich on ACTION-6 and whether he still plans to join
13:07:36 <trackbot> Created ACTION-62 - Write an email to michael markevich on action-6 and whether he still plans to join [on Axel Polleres - due 2019-02-19].
13:08:47 <AxelPollleres> ACTION-11, ACTION-19 saved for later, when we have a first stable version.
13:09:06 <AxelPollleres> close ACTION-29
13:09:08 <trackbot> Closed ACTION-29.
13:09:22 <Javier> actions?
13:09:35 <AxelPollleres> ACTION-33 still continued
13:10:39 <Javier> Harsh and Fajar are taking over ACTION-34
13:11:32 <AxelPollleres> Mark just joined
13:11:53 <Javier> Mark: looked at categories for purposes and description definition, looking at the scope
13:11:58 <Bert> present+ Mark
13:12:11 <Javier> ... e.g. data types are definitively in scope
13:12:53 <Javier> ... sector categories as well, UK define the core business purpose as a key activity
13:13:14 <Javier> ... good item to define what's expected from a company
13:13:42 <Javier> i.e., the core sector + purpose + core business purpose could be a good indicator of the purpose
13:14:04 <Javier> ... This could be a good discussion point for the WG
13:14:05 <AxelPollleres> Mark, ACTION-33: definition of about core business (purpose) plus processing give a description of what purpose is.
13:15:32 <Bert> present+ Simon
13:15:38 <AxelPollleres> close ACTION-37 (Axel finished it)
13:15:46 <AxelPollleres> close ACTION-37
13:15:47 <trackbot> Closed ACTION-37.
13:16:30 <Javier> Harsh created a github repository, he can transfer the ownership to the WG: https://github.com/dpvcg
13:16:45 <AxelPollleres> ACTION-52: we can just use harsh's repo https://github.com/dpvcg
13:16:45 <trackbot> Notes added to ACTION-52 Ask bert about w3c github repository action from august and create a github under w3c for dpvcg.
13:16:56 <AxelPollleres> close ACTION-52
13:16:56 <trackbot> Closed ACTION-52.
13:17:12 <AxelPollleres> Every let harsh know their github username.
13:17:12 <Javier> ... Harsh can add people to the repository, he just needs the github username
13:17:51 <AxelPollleres> close ACTION-56
13:17:51 <trackbot> Closed ACTION-56.
13:18:25 <AxelPollleres> close ACTION-57
13:18:25 <trackbot> Closed ACTION-57.
13:19:16 <AxelPollleres> ACTION-59  ... mail https://lists.w3.org/Archives/Public/public-dpvcg/2019Feb/0008.html
13:19:44 <Javier> Eva doubts the criteria for data protection assessment from edpb can be used for the vocabularies
13:19:53 <Javier> ... but she will send an email with the info
13:19:54 <AxelPollleres> close ACTION-59
13:19:54 <trackbot> Closed ACTION-59.
13:19:58 <AxelPollleres> https://lists.w3.org/Archives/Public/public-dpvcg/2019Feb/att-0008/2017-10-04_wp248_rev01_Guidelines_on_DPIA_updated.pdf
13:21:22 <Javier> Axel: can we standardise the restrictions or measures of security ?
13:22:20 <Javier> Mark:Low/high risks... Regulators say this cannot be standardise, but I think the criteria can be
13:22:25 <AxelPollleres> Mark: we can't really standardise what is low or high risk
13:22:29 <Eva_Bud> the only criterion useful for vocabulary from my point of view would be the data categories themselves, since they are key to detect whether sensitive information may be involved in the processing
13:22:55 <Javier> e.g. in UK the number of employees impacts the high risks
13:23:44 <Javier> also interesting (e.g. in Canada?) not only if it's risk, but what the risks are
13:23:52 <Javier> Eva: It's always context dependent
13:24:08 <Javier> ... depends of the process you have, which data, people involved....
13:24:27 <Javier> ... it's something that we also have partially in our vocabularies, e.g. with data categories
13:24:30 <AxelPollleres> criteria can hardly be standardized, except maybe partially in the data categories
13:25:15 <AxelPollleres> close ACTION-61
13:25:15 <trackbot> Closed ACTION-61.
13:25:22 <AxelPollleres> ACTION-60 continued
13:26:03 <Javier> topic: overview of our current status
13:27:12 <MarL> MarL has joined #dpvcg
13:27:25 <Javier> Axel presents a presentation summarising the status: see https://lists.w3.org/Archives/Public/public-dpvcg/2019Feb/0005.html
13:27:30 <MarL> Hi..
13:28:44 <Bert> -> https://www.w3.org/community/dpvcg/wiki/images/f/f9/2019-02-12-DPVCG-status_update.pdf Axel's slides
13:29:42 <Javier> Axel summarises the timeline and some numbers (#telcos, etc.)
13:29:56 <Javier> ... Having a F2F on march or april might be good
13:30:18 <Javier> ... We could maybe do it in Vienna again, or Dublin
13:30:36 <Bert> +1 to a ftf, no pref for location
13:31:12 <Eva_Bud> +1 to f2f, but depends on time/date, no pref on location
13:31:22 <Javier> Fajar: I cannot do it in these months
13:31:36 <AxelPollleres> ACTION: Bert to set up doodle preferrred dates for F2F in second half of MArch or first half of April
13:31:36 <trackbot> 'Bert' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., bbos, bertv).
13:32:02 <Javier> ACTION: bbos to set up doodle preferred dates for F2F in second half of MArch or first half of April
13:32:03 <trackbot> Created ACTION-63 - Set up doodle preferred dates for f2f in second half of march or first half of april [on Bert Bos - due 2019-02-19].
13:32:12 <Eva_Bud> having trouble with sound and connection again, sorry
13:32:19 <Eva_Bud> :(
13:33:12 <Javier> Axel continues the presentation of the slides with the status of the DPVCG vocabularies, in particular personal data categories, purposes and processing, as they were discussed actively
13:33:36 <Javier> ... we need how to connect the dots
13:33:55 <Javier> ... "A personal Data Category is undergoing specified processing by a specific data controller and/or ? for a particular purpose, based on a specific legal ground, with (optionally?) transferred to some recipient specified security measures and restrictions (e.g. storage locations and storage durations)."
13:34:57 <Javier> ... all "boxes" are already in some vocabularies e.g. SPECIAL, while others such as legal grounds or security measures are rather new
13:35:49 <Javier> ... we also discussed (Axel, Harsh, Fajar, Javier) that maybe we need to restrict the purpose to certain business activity/sector
13:36:07 <Javier> ... also Personal data Categories may be subdivided into sensitive data categories
13:37:03 <Javier> ... As for the Personal Data categories, there is a proposal by Harsh and Fajar to start with the initial proposal by the Enterprise Consulting group
13:37:54 <Javier> ... In addition we have more categories for the uses cases, the SPECIAL categories and more from the special categories, GDPR article 9 and 4
13:38:25 <Javier> ... The proposal is to use the  Enterprise Consulting group as the anchor, and map the other onto it
13:38:53 <Eva_Bud> connection gone Nirwana again, sigh
13:38:57 <Javier> Mark: I talked to them, we iterated on this (e.g. on inference data), I think it's CC
13:39:04 <Javier> ... I can invite them to the WG
13:39:19 <AxelPollleres> ACTION: Mark to reach out to enterprivacy.com on whether we can use their categories as a starting point, check License, and invite them to our working group.
13:39:20 <trackbot> Created ACTION-64 - Reach out to enterprivacy.com on whether we can use their categories as a starting point, check license, and invite them to our working group. [on Mark Lizar - due 2019-02-19].
13:39:29 <harsh> Paper for the personal data categories - D. J. Solove, ‘A Taxonomy of Privacy’, Social Science Research Network, Rochester, NY, SSRN Scholarly Paper ID 667622, Feb. 2005. und
13:40:00 <Javier> Axel: the plan is that Harsh and Fajar can work on this and come with a first version within a month
13:40:27 <stefano> I am very sorry I need to leave, will try to catch up from minutes
13:40:35 <Javier> ... As for purposes, we had initial categories of purposes during the last F2F
13:40:46 <Javier> https://www.w3.org/community/dpvcg/wiki/Purposes_for_handling_Personal_Data
13:41:24 <Javier> ... see bottom of the page
13:42:03 <Eva_Bud> we don't hear anything, let us know when you have specific things for us please
13:42:44 <Javier> ... The plan is to integrate the different approaches (Axel and Javier)
13:42:53 <Javier> ... The question was if we need to include business sectors
13:43:26 <Javier> Mark: Hyperledger (content on the blockchain)... they spend several months to look at country codes
13:43:54 <AxelPollleres> Mark: Hyperledger work on consent on Blockchain, looking at business codes and suggest to use financial industry codes GICS would be appropriate.
13:44:06 <Javier> ... It makes sense to use global industry and sector classification GICS, updated in 2017
13:44:13 <Javier> ... I would recommend that
13:44:54 <Javier> ... when a company registers, e.g. in UK, they are assigned one code
13:45:27 <Javier> ... there are multiple versions, the global ID seems to be the best option
13:45:43 <Javier> ... the most interoperable
13:46:02 <AxelPollleres> Mark: GICS code is driven by financial services, global, would make sense as astarting point.
13:46:03 <Javier> Axel: are there mapping from the other codes to GICS?
13:46:09 <Javier> MArk: no that I know
13:46:17 <Javier> Axel: this could be something to do
13:46:38 <harsh> https://opencorporates.com/
13:46:40 <AxelPollleres> ISSUE: Are there mappings to GICS from other coding systems NAICS/NACE/ISIC ...
13:46:40 <trackbot> Created ISSUE-10 - Are there mappings to gics from other coding systems naics/nace/isic ....  Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/10/edit>.
13:46:42 <Javier> Mark: I would recommend to have a look also to opencorporate.com
13:46:53 <Javier> ... it's not global, it's local + ?
13:47:47 <Javier> Axel: The next discussion was about legal grounds, we agreed to keep it separated
13:48:06 <Eva_Bud> we see the slides but we still dont hear anything :( Eva plans on continuing on this legal "taxonomy" though
13:48:10 <Javier> ... we don't have a taxonomy but the picture from Eva
13:48:57 <Eva_Bud> Axel, can you make an action for me to tend further to this?
13:49:19 <Javier> Axel: As for processing, we have worked less, we have some starting points but we need more work
13:49:44 <AxelPollleres> ACTION: Eva and Bud to further elaborate on legal grounds taxonomy
13:49:45 <trackbot> Created ACTION-65 - And bud to further elaborate on legal grounds taxonomy [on Eva Schlehahn - due 2019-02-19].
13:50:01 <Javier> Axel: someone volunteering for the processing category?
13:50:13 <Javier> Harsh: I have added some terms from the GDPR
13:50:23 <Javier> Axel: The main point is to structure it
13:50:44 <Javier> Harsh: I can do, but I might need someone to review
13:51:29 <Eva_Bud> Bud and I can review
13:51:35 <Javier> Ramisa: I can help a bit
13:51:45 <AxelPollleres> ACTION: Harsh to look into structuring Processing categories, Ramisa, Bud, Eva to help/review.
13:51:46 <trackbot> Created ACTION-66 - Look into structuring processing categories, ramisa, bud, eva to help/review. [on Harshvardhan Pandit - due 2019-02-19].
13:51:49 <Eva_Bud> just trying to reconnect to webex, no luck so far
13:51:52 <Javier> ack EVa and Bud
13:52:03 <Eva_Bud> :)
13:52:19 <Javier> Axel: As for data controllers/recipients...
13:53:08 <Javier> ... we have some ideas on the country of the recipients, some initial pointers from SPECIAL, and maybe the possibility to add a sticky policy
13:53:11 <AxelPollleres> ACTION: Javier to look into Data controllers and recipients taxonomy with help of  Piero, Axel
13:53:12 <trackbot> Created ACTION-67 - Look into data controllers and recipients taxonomy with help of  piero, axel [on Javier D. Fernández - due 2019-02-19].
13:53:17 <Javier> ... Javier and I can continue on that
13:53:25 <Javier> ... with the help of Piero
13:54:01 <Javier> Axel: Last points are storage location/duration, security measures...
13:54:09 <stefano> stefano has joined #dpvcg
13:54:16 <Javier> ... but maybe we can leave them now and focus on the first issues
13:54:40 <Javier> Harsh: Myself and Mark can look at the forms of consent
13:54:57 <Javier> Mark: +1
13:55:02 <AxelPollleres> ACTION: Harsh looking into Consent elements and types with help of Mark
13:55:03 <trackbot> Created ACTION-68 - Looking into consent elements and types with help of mark [on Harshvardhan Pandit - due 2019-02-19].
13:55:40 <Javier> Axel: Then maybe we can leave the storage and security opened as an issue
13:56:00 <AxelPollleres> ISSUE: taxonomies on storrage locations and restrictions as well as security measues and restrictions still undefined.
13:56:01 <trackbot> Created ISSUE-11 - Taxonomies on storrage locations and restrictions as well as security measues and restrictions still undefined..  Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/11/edit>.
13:56:19 <AxelPollleres> All actions of today ideally done in a month.
13:56:39 <Javier> topic: set next telco
13:56:53 <Javier> 26th at 16:00?
13:57:20 <Eva_Bud> 26th would be fine
13:57:35 <AxelPollleres> regrets form harsh, but Mark can report.
13:58:09 <AxelPollleres> Goal: progress on actions from today and decidfe for antoher F2F date and location.
13:58:17 <Javier> Axel: Harsh, let us know if F2F is OK in Dublin, or you can travel elsewhere
13:58:19 <AxelPollleres> AOB?
13:58:49 <Javier> Mark: Maybe a good place is a privacy conference in May, Germany
13:58:56 <Eva_Bud> if you plan f2f, can you make a doodle?
13:58:57 <Javier> ... I will provide more info
13:59:02 <AxelPollleres> Merk: EIC (european identity conference) in May ... in Germany might be a good space for us to meet/be present.
13:59:15 <harsh> @Eva I think Bert has an action to create a doodle?
13:59:21 <Eva_Bud> ok
13:59:29 <AxelPollleres> ACTION: Mark to report on EIC conference next time
13:59:30 <harsh> ACTION-63
13:59:30 <trackbot> Created ACTION-69 - Report on eic conference next time [on Mark Lizar - due 2019-02-19].
13:59:30 <trackbot> ACTION-63 -- Bert Bos to Set up doodle preferred dates for f2f in second half of march or first half of april -- due 2019-02-19 -- OPEN
13:59:30 <trackbot> https://www.w3.org/community/dpvcg/track/actions/63
13:59:44 <Javier> bye!
13:59:45 <AxelPollleres> adjourned
13:59:47 <Ramisa> thanks, bye
14:00:03 <AxelPollleres> rrsagent, make minutes public
14:00:03 <RRSAgent> I'm logging. I don't understand 'make minutes public', AxelPollleres.  Try /msg RRSAgent help
14:00:15 <AxelPollleres> rrsagent, make public minutes
14:00:15 <RRSAgent> I'm logging. I don't understand 'make public minutes', AxelPollleres.  Try /msg RRSAgent help
14:00:19 <Javier> rrsagent, please create minutes
14:00:19 <RRSAgent> I have made the request to generate https://www.w3.org/2019/02/12-dpvcg-minutes.html Javier
14:00:28 <AxelPollleres> (I always forget the command :-))