07:24:01 RRSAgent has joined #dpvcg 07:24:01 logging to https://www.w3.org/2019/04/05-dpvcg-irc 07:24:51 -> https://www.w3.org/2019/04/04-dpvcg-minutes.html#x22 agenda for today (from yesterday's minutes) 07:25:22 Agenda for today: 07:25:23 * session1 9:30-11:00 - consent 07:25:24 * session: 11:15-12:45 - processing categories 07:25:26 ----- After lunch: ---- 07:25:27 * how to wrap up? discuss process for new terms and feedback 07:25:29 * timeline 07:25:30 ** finish drafts (who, by when?) 07:25:32 ** review (who, by when?) 07:25:33 ** publish (when?) 07:25:34 ** plan advertisement 07:25:35 ** plan feedback cycles 07:29:58 harsh has joined #dpvcg 07:30:05 * wrap up ISSUES (and ACTIONS) and discuss how we include them in the first draft, decide editors, etc. 07:30:30 chair: Bert Bos 07:30:54 scribe: Axel 07:30:59 present+ 07:31:44 present+ 07:31:46 agenda+ session1 9:30-11:00 - consent 07:32:03 list agenda 07:32:16 bud has joined #dpvcg 07:32:30 agenda- 1 07:32:33 agenda- 2 07:32:37 agenda- 3,4,5,6 07:32:40 agenda- 3 07:32:42 agenda- 4 07:32:44 agenda- 5 07:32:45 agenda- 6 07:33:02 what's on the agenda? 07:33:24 agenda+ session: 11:15-12:45 - processing categories 07:33:37 https://docs.google.com/spreadsheets/d/13d1eRXZZBCw84vYGoCJeMU08rzkkzadDzxY3n2iOi8k/edit#gid=882529315 07:33:49 harsh: all properties in red still under discussion 07:35:31 harsh: biggest issue is the right to withdraw. 07:35:58 ... ontology should provide a propery to state how to withdraw consent 07:36:17 mark: that's the mininmum, there;s no prior art for this. 07:36:56 elmar has joined #dpvcg 07:37:40 axel: wouldn't it always be possible in writing to withdraw? 07:37:43 watch out, consent withdrawl opens a can of worms as you can't just withdraw anytime 07:37:53 bud: law says it should be as easy as giving consent 07:38:39 so the taxonomy should mention withdrawl and have the ability to point to something (URI) 07:39:52 mark: keep it minimal... we should keep it out of scope to fill the possible actions to withdraw consent in an own taxonomy for now, but we should have an attribute. 07:41:16 I agree with what Rigo said, that's what we're trying to do in the spreadsheet currently. 07:41:32 mark: consent receipt would be ideal, but consent receipt has privacy information in it... some interaction with authentication, no one has been able to do consent receipts properly yet 07:41:51 ... consent receipts are future work/innovation. 07:44:02 Axel: does consent need reconciliation with other legal bases? 07:44:26 Bud: fulfillment of conteact may be similar, but not really 07:44:58 Contract can have expiry 07:45:08 +1 to Bud, you need a legal reason to process without consent 07:46:33 contract: if the main performances required by the contract are done (payment) the reason for processing expires, but this is Art. 6 (1) b 07:47:40 we are discussing 6 (1)a and there I can't imagine a case where you still would need to process. Those personalization things can just be withdrawn 07:52:10 discussion on whether datasubject, controller, purpose, processing are part of consent, or consent is part of personal data handling.... 07:52:26 axel: can be both, yes? 07:53:03 ... so we need to modify the domain of hasDataSubject 07:53:03 hasDataController 07:53:05 hasPurpose 07:53:06 hasProcessing 07:53:06 hasPersonalData to the union of Consent and PesonalDataHandling? 07:54:36 scribe: simonstey 07:54:52 bud: could we call it user rights? 07:55:21 ... the consent might be the last point for the data subject to convey this information to the data controller 07:55:28 to me, consent is part of personal data (SPECIAL annotation model) and it affects the properties of that data 07:55:37 ... legally one has to state that the data subject has the right to withdraw 07:55:51 ... otherwise it's not valid 07:56:13 ... in the moment the processing starts, you have to provide the data subject right 07:56:14 s 07:56:20 s/right/rights 07:57:01 elmar: can you actually shift the responsibility of demonstrating consent 07:57:39 rigo: IF consent is a property of data and consent is removed, than the property is just deleted from the data (link/annotation destroyed) 07:57:56 ... imo "withdrawl" is an algo, not a data property 07:59:00 bud: if you can process "pseudoanonym." then you need some form of ID for the data subject 08:00:13 axelpolleres: I don't understand why we have to explicitly put e.g. the right to rectify within the consent 08:00:30 ... imo that doesnt belong to the consent but other legal basis 08:00:40 +1 to axelpolleres 08:01:06 ... consent can appear in different places 08:01:34 mark: the rights listing should go in the privacy policy 08:01:53 harsh: how do we capture the legal context under which consent was given? 08:02:06 I think you should think things as "what can be done with the data" instead of thinking "how can I represent rights of GDPR". Because later, the algos will need data properties, not understand GDPR 08:02:14 mark: the privacy policy should have the rights notices 08:02:41 +1 to rigo 08:03:45 mark: collection method could be upgraded to "context" 08:04:01 collection method -> how consent was given 08:04:39 does this matter? 08:05:27 for audit it may matter, for the decision whether to process or not, it doesn't 08:05:43 q+ 08:06:30 Bert: do we agree that all the "right..." terms are not needed? 08:06:41 mark: it was part of the original vocab. 08:08:54 mark: in order to be compliant with ISO 29100, you have a lot of little requirements regarding presenting of notice 08:10:02 ... the notice capture is not described by many groups so far 08:10:23 bbl 08:10:32 q- 08:10:55 axelpolleres: what's the difference between expiry/expiryCondition 08:11:36 +q (to raise rigo's comment on whether we need provision/etc. methods actually) 08:15:10 axelpolleres: why do we have multiple expiry properties? 08:15:46 simonstey: why not combine it into just one property? 08:16:02 axelpolleres: how do we describe such a condition? 08:16:29 To separate the expiry based on temporal and conditions , we have a common superproperty (hasExpiry) and specialisations for temporal (hasExpiryAtTime) and condition (hasExpiryCondition) 08:17:42 mark: in the UK there's always a 2year consent renewal period 08:17:59 ... which they updated to 3 months 08:20:41 simonstey: do they have to adhere to the 3months? 08:21:03 mark: no.. but if they want to get certified, then yes 08:22:25 mark: there are a lot of controversies wrt. "on behalf" 08:22:59 ... changed to "delegated" 08:24:21 axelpolleres: can we assume that it's the data subject if it's not there? 08:24:28 simonstey: OWA vs CWA 08:25:29 axelpolleres: is both withdrawal and provision be delegated? 08:25:42 harsh: withdrawal can be 08:25:51 bud: well a child cannot delegate 08:26:51 ... if a child is turning 16 after the parents gave consent, it could withdraw it 08:27:23 ... so you have to distinguish 08:29:11 harsh: authority captures why one was able to give consent on ones behalf 08:29:47 e.g. John -- parent --> Jane 08:32:26 simonstey: one possible solution would be to add 2 additional properties one for withdrawal and one for provision that captures this 08:33:58 harsh: consent has to be given by one person only (according to a law professor I asked) 08:34:42 in the context of this specific use-case we are covering 08:34:58 Otherwise, legally, consent could be asked from multiple persons e.g. from both parents for a child 08:35:53 axelpolleres:next point, why do we need all those terms with "rights" 08:36:08 mark: you dont need to list them all 08:37:48 axelpolleres: if this is used for documenting, if I'm documenting the provision method it should also contain the information on how this was done 08:40:31 mark: the GDPR says explicitly the subject has to be informed 08:40:41 ... which justifies a separate field 08:41:09 harsh: isnt this covered by provision method already? 08:41:28 axelpolleres: I thought this was only about "in text,.." etc. 08:43:34 [discussing consent notice, etc.] 08:43:46 axelpolleres: I put some description in the description 08:44:06 ... The actual notice that the Data Subject received to consent to, either a text or link to a document, which should be usable to decide whether the form or consent was compliant to legislation, e.g. documenting how the user has been informed about rights and omplications (e.g. right to data portabilityright to recitffyright to erasureright to restrict processingright to objectrights regarding automated decision making or profilingprocessorsthird part[CUT] 08:44:52 ... or outside-EEA transfers,profiling,automated decision-making,privacy-policy (mark)) 08:46:48 bud: one has to document also e.g., whether checkboxes were prechecked or similar 08:47:40 axelpolleres: I think we could now argue for another full hour on how to structure such a notice.. 08:48:10 ... for now we could raise an issue saying consent notice could be further structured 08:48:28 ISSUE: Do we need to further structure consent notice? 08:48:28 Created ISSUE-16 - Do we need to further structure consent notice?. Please complete additional details at . 08:48:54 bud: I think we need a field indicating whether it's implicit/explicit consent 08:49:09 s/implicit/regular/ 08:49:42 ... in special cases the GDPR requires explicit consent 08:50:07 ... "not explicit" doesn't have a name in the GDPR 08:50:40 harsh: rigo explicitly said there's no "regular" consent 08:51:38 bud: we could have also only a boolean field indicating whether consent is explicit or not 08:52:47 ... if explicit yes, then this indicates certain requirements 08:54:32 ... article 22 2c -> explicit consent 08:56:47 bud: all parts of article 13/14 should be part of the notice, right? 08:58:33 mark: just because the GDPR doesn't call for a processor, doesn't mean we should not provide means for stating them 08:59:32 axelpolleres: we have now all properties of the personal data handling despite hasRecipient 08:59:45 ... should we add this too? 09:00:13 bud: processor/3rdparty/... are all recipients 09:00:55 axelpolleres: the only thing we haven't discussed yet are bundles/groups 09:03:34 mark: in the GDPR special categories are listed explicitly 09:04:58 axelpolleres: can we now action someone to wrap this all up ? 09:05:54 axelpolleres: it's always the consent to personal data handling 09:06:18 harsh: well we have a property there called "storage" 09:06:53 axelpolleres: yeah.. but this is already covered by technical/organizational measures 09:07:46 mark: in the gdpr there are only a couple of mentions of "storage" 09:07:54 ... where it's usually about storage period 09:08:44 [axel writing a description on gsheets] 09:09:04 axelpolleres: "We replicate all the properties except Legalbasis of personal data handling for consent, to declare what kinds of personal data handling are consented to" 09:10:44 mark: where's the field for internationaltransfer? 09:10:48 harsh: in the notice 09:11:08 mark: I don't think notice doesnt cover international transfer 09:12:11 bud: maybe you could add a remark saying that article 13 details all the things one has to notify about 09:12:40 issue-16 09:12:40 issue-16 -- Do we need to further structure consent notice? -- raised 09:12:40 https://www.w3.org/community/dpvcg/track/issues/16 09:13:57 axelpolleres: the green ones are for v1 09:14:08 BREAK for 15min 09:14:10 agreement: green ones in the spreadsheet are version 1. 09:20:05 agenda? 09:27:59 Ramisa has joined #dpvcg 09:28:12 agenda+ use OWL2 instead of RDFS 09:36:44 simonstey has joined #dpvcg 09:37:28 zakim, take up agendum 8 09:37:28 agendum 8. "session: 11:15-12:45 - processing categories" taken up [from simonstey] 09:38:23 Simon: I don't like just listing out actions for processing e.g. what's the difference between erase and destroy and delete 09:38:33 https://docs.google.com/document/d/1Z3Eb5rZjrdWcE5u5o0CYzA_LPyGaTqmg84ecGve_ZLA/edit 09:39:03 Simon: We listed out categories such as scoring (in the document) 09:39:23 yes 09:39:27 while simon is speaking 09:39:37 Simon: I would prefer a solution that allows describing processing 09:39:38 scribe: harsh 09:39:56 Ramisa_ has joined #dpvcg 09:40:26 Simon: based on the (nature) of processing, it can assist in identifying whether the processing is high risk 09:40:55 MarkL has joined #dpvcg 09:41:24 Simon: Processing can involve new technologies/solutions, such as using ML for decisions. 09:42:34 Simon: We should identify the features or attributes of processing that distinguishes one from another 09:43:54 Fajar: controllers would want to use more generic descriptions 09:44:49 Axel: we should derive high level categories of processing, could even be keywords 09:46:01 s/Fajar/Elmar/ 09:46:31 bud: if your processing has high risk, you have to have a data impact assessment 09:46:42 ... but that's towards the authority 09:46:53 ... not towards the data subject 09:48:48 ... so e.g. automateddecisionmaking for the purpose of giving a loan 09:49:13 bud: the data subject needs to know the purpose but not how it was done 09:49:58 axelpolleres: if I infer from your data, your sexual orientation based on your social media data/pictures for the purpose of advertism. or what not 09:50:15 ... do they have to declare that they are inferring stuff? 09:51:34 ... imagine you have this machine learning algo that infers sensitive information, where would I have to declare this 09:52:00 bud: about the processing, that are very few things one has to tell the data subject 09:52:16 ... towards the regulator you have to do more (supervisor authority) 09:52:31 ... they will ask those things when they audit you 09:52:47 ... one has to demonstrate compliance with the law 09:53:08 ... including measures to keep the residual risks low 09:54:01 MarkL: there's a missing way to explain the scope of processing 09:54:32 MarkL: these are like attributes for processing 09:55:43 axelpolleres: do I need to document which kind of software I use, database, ...? 09:55:58 bud: in my opinion this is outside of the scope 09:58:21 axelpolleres: processing=> what does a processor do to achieve its purpose? 09:59:27 axelpolleres: personal data=="click behaviour", purpose=="to sell you something" 10:00:40 harsh: starting from highlevel categories we could drill down 10:01:29 Check definition of processing A4-2 10:01:37 ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 10:01:43 We should at least cover all of these 10:01:44 ... collecting/storing/etc. (listed in the spreadsheet) 10:02:50 but those are operations rather than categories right? 10:03:48 also, maybe I'm fine if someone recording me on sundays but not any other day of the week 10:04:27 bud: iirc, there are about ~5 things one has to tell the data subject 10:05:11 @simon yes, they are operations - I'm saying out categories should cover all those 10:05:11 ... should sync with eva/rigo 10:05:53 ah yes 10:06:02 ** Risk Assessment ** * Evaluation or scoring * Automated-decision making with legal or similar significant effect [Bud: financial effects??] * Systematic monitoring * Matching or combining datasets * processing that involves new technological or organisational solutions * processing that “prevents data subjects from exercising a right or using a service or a contract” (Article 22 and recital 91) 10:06:54 https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236 10:07:06 p..9 10:07:25 * Evaluation or scoring. * Automated decision-making with legal or similar significant effect. * Systematic monitoring. * Sensitive data or data of a highly personal nature. * Data processed on a large scale. * Matching or combining datasets. * Data concerning vulnerable data subjects. * Innovative use or applying new technological or organisational solutions. * Contexts Preventing data subjects from exercising a right or using a service or contract. 10:07:45 What does the ICO consider likely to result in high risk? The ICO is required by Article 35(4) to publish a list of processing operations that require a DPIA. This list complements and further specifies the criteria referred to in the European guidelines. Some of these operations require a DPIA automatically, and some only when they occur in combination with one of the other items, or any of the criteria in the European Guidelines referred to above: 1. Innov[CUT] 10:08:04 http://www.documentcloud.org/documents/4109562-20171013-wp248-rev01-Enpdf-Final-Guidelines-DPIA.html 10:08:08 page 9 10:08:09 https://gdpr-info.eu/art-30-gdpr/ 10:08:39 https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236 10:12:39 Axel: suggestion the 9 items there we should provide URIs for, just to be able to provide a handle for them. 10:13:29 bud: yes, for a supervissing authority this is interesting 10:14:35 purpose of our voabulary is essentially to provide not only machine-readeable means for compliance checking,but also a "rooster" for documenting and annoyating texctual policies, and checking whether all relevant parts are there.you 10:27:35 "An example of this is where a bank screens its customers against a credit reference database in order to decide whether to offer them a loan." 10:31:21 There is another example at the bottom of page 11 that may help clarify this 10:31:28 "Storage for archiving purpose of pseudonymised personal sensitive data concerning vulnerable data subjects of research projects or clinical trials" 10:32:29 In this case, there is no associated "purpose", but the processing is associated with risk 10:32:49 Or does "archiving" fall under legitimate interest of the clinic? 10:39:50 Axel: do we leave the ones we have (6 from high-risk) for now? 10:40:30 action-66 10:40:30 action-66 -- Harshvardhan Pandit to Look into structuring processing categories, ramisa, bud, eva to help/review. -- due 2019-02-19 -- OPEN 10:40:30 https://www.w3.org/community/dpvcg/track/actions/66 10:42:54 monitoringDrivingBehaviour :hasProcessingType [ 10:43:08 :typeProcessing :erasure; 10:43:17 :isAutomatedDecM true; 10:43:20 :isSystematicMonitoring true ] 10:45:57 From SPECIAL: 10:45:58 Declaration(Class(svpr:Aggregate)) 10:45:58 Declaration(Class(svpr:Analyse)) 10:45:58 Declaration(Class(svpr:Anonymize)) 10:45:58 Declaration(Class(svpr:Collect)) 10:46:01 Declaration(Class(svpr:Copy)) 10:46:01 Declaration(Class(svpr:Derive)) 10:46:05 Declaration(Class(svpr:Move)) 10:46:07 Declaration(Class(svpr:Query)) 10:46:09 Declaration(Class(svpr:Transfer)) 10:46:54 PROPOSED: as for processing we name operations as example (for instance SPECIAL, ODRL, bu do not define an own voabulary/taxonomy in this group. 10:49:53 seems to be agreement... 10:51:04 after lunch 20min max continue on wrapping up Processing, and then proceed the agenda. 10:51:41 [Lunch, back in 1 hour] 11:30:49 axelpolleres has joined #dpvcg 11:59:57 Let us know when to call (tried once - maybe you're not back from lunch) 12:01:42 We're back, now looking at how to turn the video back on... 12:08:03 Topic: Processing (continued) 12:11:41 e.g Collect rdfs:subClassOf dpv:Processing, odrl:Collect . 12:13:07 Ramisa has joined #dpvcg 12:13:25 https://github.com/dpvcg/processing/blob/master/processing.ttl 12:18:44 A4-2 ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 12:26:10 action: javier to put list of processing types into processing vocab on spreadsheet, merge with SPCIAL terms, add descriptions. 12:26:10 Created ACTION-88 - Put list of processing types into processing vocab on spreadsheet, merge with spcial terms, add descriptions. [on Javier D. Fernández - due 2019-04-12]. 12:28:10 topic: process for new terms and feedback 12:36:38 q+ How do we invite feedback? 12:36:52 * process for new terms and feedback: 12:36:53 * Suggestions for reformulations or additions should be made in the form of pull requests on github via github's issues mechanism --> 12:36:54 * https://github.com/dpvcg 12:36:56 * labels: question, issue, proposal 12:36:57 * In regular calls we decide on proposals: "approve"/"decline"/"downgrade to issue" 12:36:57 * biweekly calls, after the first draft is published, we discuss whether we want to switch to monthly calls. 12:37:09 topic: timeline 12:37:29 q? 12:40:15 ACTION: Axel to finish base ontology by next call (within 2 weeks) 12:40:16 Created ACTION-89 - Finish base ontology by next call (within 2 weeks) [on Axel Polleres - due 2019-04-12]. 12:42:39 PROPOSED: We use hash URIs in the namespaces. 12:42:44 +1 12:42:53 PROPOSED: we use RDFS and OWL where needed 12:43:10 +1 12:43:14 +1 to both 12:44:36 reformulation of 2nd proposal: 12:44:49 PROPOSED: we define the vocabularies lary as an OWL ontology 12:44:53 +1 12:44:59 +1 12:45:10 RESOLVED: We use hash URIs in the namespaces. 12:45:26 RESOLVED: we define the vocabularies lary as an OWL ontology 12:45:48 bud has joined #dpvcg 12:46:20 ACTION: Axel to finish Technical ORganisational measures part in the spreadsheet by next call 12:46:20 Created ACTION-90 - Finish technical organisational measures part in the spreadsheet by next call [on Axel Polleres - due 2019-04-12]. 12:46:54 RRSAgent, make logs public 12:46:58 RRSAgent, pointer? 12:46:58 See https://www.w3.org/2019/04/05-dpvcg-irc#T12-46-58 12:47:47 ACTION-90 depends on Fajar providing a version of NACE we can use and on MArk's ACTION-87 12:48:16 action-87? 12:48:17 action-87 -- Mark Lizar to Make a proposal alternatively use gics instead of nace. -- due 2019-04-11 -- OPEN 12:48:17 https://www.w3.org/community/dpvcg/track/actions/87 12:48:23 ACTION: Fajar to provide his conversion of NACE as RDFS/OWL 12:48:24 Created ACTION-91 - Provide his conversion of nace as rdfs/owl [on Fajar Ekaputra - due 2019-04-12]. 12:50:16 ACTION: Elmar to finish Personal Data Categories and transfer what we agreed upon to the spreadsheet. 12:50:17 Created ACTION-92 - Finish personal data categories and transfer what we agreed upon to the spreadsheet. [on Elmar Kiesling - due 2019-04-12]. 12:52:56 ACTION: Ramisa to drive discussion on Recipients, Data Controllers, Data Subjects forward 12:52:56 Created ACTION-93 - Drive discussion on recipients, data controllers, data subjects forward [on Roghaiyeh(Ramisa) Gachpaz Hamed - due 2019-04-12]. 12:55:12 Action-92: change to elmar 12:55:13 Notes added to Action-92 Finish personal data categories and transfer what we agreed upon to the spreadsheet.. 12:56:08 Action: Fajar to finish purposes. 12:56:08 Created ACTION-94 - Finish purposes. [on Fajar Ekaputra - due 2019-04-12]. 12:57:30 ACTION: Harsh to complete Legal Basis 12:57:31 Created ACTION-95 - Complete legal basis [on Harshvardhan Pandit - due 2019-04-12]. 12:58:05 ACTION: Harsh to consolidate consent part. 12:58:06 Created ACTION-96 - Consolidate consent part. [on Harshvardhan Pandit - due 2019-04-12]. 13:01:33 ACTION: Axel define a process to get from spreadsheets to spec. 13:01:34 Created ACTION-97 - Define a process to get from spreadsheets to spec. [on Axel Polleres - due 2019-04-12]. 13:01:55 ACTION: Axel to define process for feedback in spec document. 13:01:55 Created ACTION-98 - Define process for feedback in spec document. [on Axel Polleres - due 2019-04-12]. 13:03:17 Next TelCo April 23rd, Bert chairs. 13:03:36 goal for next telco - all parts finished 13:04:21 (ensure spreadsheet is complete) 13:04:44 Telco May 7th --> goal is to have a first full document for review, and including the ISSUES we have postponed or still rais on 23rd. 13:05:02 MarkL has joined #DPVCG 13:05:05 https://annualconference.eema.org 13:05:50 Telco: Internal reviews by 21st May 13:07:11 Mark: London https://annualconference.eema.org June 18+19 could be a good place to meet again. 13:08:18 Goal is to vote to publish on May 21st he first draft! 13:11:12 ACTION: Bert to look into where to publish our CG spec, and how to redirect from the namespace doc to the spec. 13:11:12 'Bert' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., bbos, bertv). 13:12:01 adversisement and feedback cycles to be discussed in the Telco on 21st MArch 13:12:26 s/MArch/May/ 13:12:34 Action not assigned to Bert 13:12:34 Error finding 'not'. You can review and register nicknames at . 13:12:52 topic: ISSUES 13:13:09 action: bbos to look into where to publish our CG spec, and how to redirect from the namespace doc to the spec. 13:13:09 Created ACTION-99 - Look into where to publish our cg spec, and how to redirect from the namespace doc to the spec. [on Bert Bos - due 2019-04-12]. 13:13:16 https://www.w3.org/community/dpvcg/track/issues/ 13:14:02 Javier has joined #dpvcg 13:19:41 ISSUE- 2 to address in the report 13:19:54 Axel: ISSUE-3 to be postponed 13:20:44 Axel: ISSUE-3 Open, ISSUE-5 Postponed (correction) 13:21:31 close ISSUE-7 with answer "No" 13:21:35 Axel: ISSUE-6 related to ACTION-93 13:21:46 close ISSUE-7 13:21:46 Closed ISSUE-7. 13:23:10 ISSUE-8: As we agreed to use OWL for modelling, we use unionOf and intersectionOf from OWL. 13:23:10 Notes added to ISSUE-8 How do we describe unions and intersections of purposes, how doe we describe any vs some “sub”purpose. 13:23:20 close ISSUE-8 13:23:20 Closed ISSUE-8. 13:23:38 ISSUE-9? 13:23:38 ISSUE-9 -- Where are categories of data controllers used, where are they useful? (cf. recital 98, 99, 100) -- raised 13:23:38 https://www.w3.org/community/dpvcg/track/issues/9 13:24:00 ISSUE-9: relates to ACTION-93 13:24:00 Notes added to ISSUE-9 Where are categories of data controllers used, where are they useful? (cf. recital 98, 99, 100). 13:26:36 ISSUE-10: related to ACTION-87 and ACTION-91 13:26:36 Notes added to ISSUE-10 Are there mappings to gics from other coding systems naics/nace/isic .... 13:30:28 ISSUE-12: we won't get back to these actions. 13:30:28 Notes added to ISSUE-12 Shall we get back to action-6, action-19, action-27 (closed without news). 13:30:34 close ISSUE-12 13:30:34 Closed ISSUE-12. 13:31:34 ISSUE-13: we use the namespace dpv for the ontology and subnamespaces only for mapping external terminologiessuch as eg. NACE,etc. 13:31:34 Notes added to ISSUE-13 Decide later whether we need sub-namespaces for different subtaxonomies. 13:31:42 close ISSUE-13 13:31:42 Closed ISSUE-13. 13:32:12 https://www.w3.org/2006/07/SWD/SKOS/skos-and-owl/master.html 13:32:27 ISSUE-14: we may refer to this link https://www.w3.org/2006/07/SWD/SKOS/skos-and-owl/master.html 13:32:27 Notes added to ISSUE-14 We may want to add a non-normative comment in the spec that/how the taxonomy can be used as skos.. 13:33:12 ISSUE-15: should be mentioned in section on PErsonal data categories. 13:33:12 Notes added to ISSUE-15 Personal data cateories collected might be collected in an approximate manner (e.g. age vs. age range), should we provide a mechanism in the vocabulary to distinguish this?. 13:33:58 ISSUE-16: should be mentioned in the section about CONSENT (which as such will be a subsection of legal basis. 13:33:59 Notes added to ISSUE-16 Do we need to further structure consent notice?. 13:36:59 https://www.w3.org/community/dpvcg/track/actions/open 13:42:43 ISSUE: Do we need further temporal annotations for the personal data handling class? 13:42:51 Error creating an ISSUE: could not connect to Tracker. Please mail with details about what happened. 13:43:24 ISSUE: Do we need further temporal annotations for the personal data handling class? 13:43:24 Created ISSUE-18 - Do we need further temporal annotations for the personal data handling class?. Please complete additional details at . 13:43:44 ISSUE-18: Do we need terms to document the time instant of specific personal data handling? the validity time of a certain policy? i.e. the temporal extent of a certain personal data handling instance. 13:43:44 Notes added to ISSUE-18 Do we need further temporal annotations for the personal data handling class?. 13:46:22 close ACTION-53 13:46:22 Closed ACTION-53. 13:46:41 ACTION: harsh to find URLs for GDPR articles. 13:46:41 Created ACTION-100 - Find urls for gdpr articles. [on Harshvardhan Pandit - due 2019-04-12]. 13:47:04 ACTION-100: we will need thois for provenance of many of our terms. 13:47:05 Notes added to ACTION-100 Find urls for gdpr articles.. 13:47:37 close ACTION-34 13:47:37 Closed ACTION-34. 13:47:48 close ACTION-33 13:47:48 Closed ACTION-33. 13:51:08 ACTION: JAvier to check after next Telco, which terms relate how to SPECIAL vocabularies (initially link them with rdfs:seeAlso 13:51:09 Created ACTION-101 - Check after next telco, which terms relate how to special vocabularies (initially link them with rdfs:seealso [on Javier D. Fernández - due 2019-04-12]. 13:52:56 ACTION: Axel to copy definitions for StorageLocation and StorageDuration from SPECIAL for now. 13:52:57 Created ACTION-102 - Copy definitions for storagelocation and storageduration from special for now. [on Axel Polleres - due 2019-04-12]. 14:04:42 axelpolleres has joined #dpvcg 14:05:09 rrsagent, make minutes 14:05:09 I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html axelpolleres 14:05:21 rrsagent, make minutes world-wisible 14:05:21 I'm logging. I don't understand 'make minutes world-wisible', axelpolleres. Try /msg RRSAgent help 14:05:41