IRC log of dpvcg on 2019-04-05

Timestamps are in UTC.

07:24:01 [RRSAgent]
RRSAgent has joined #dpvcg
07:24:01 [RRSAgent]
logging to https://www.w3.org/2019/04/05-dpvcg-irc
07:24:51 [Bert]
-> https://www.w3.org/2019/04/04-dpvcg-minutes.html#x22 agenda for today (from yesterday's minutes)
07:25:22 [axelpolleres]
Agenda for today:
07:25:23 [axelpolleres]
* session1 9:30-11:00 - consent
07:25:24 [axelpolleres]
* session: 11:15-12:45 - processing categories
07:25:26 [axelpolleres]
----- After lunch: ----
07:25:27 [axelpolleres]
* how to wrap up? discuss process for new terms and feedback
07:25:29 [axelpolleres]
* timeline
07:25:30 [axelpolleres]
** finish drafts (who, by when?)
07:25:32 [axelpolleres]
** review (who, by when?)
07:25:33 [axelpolleres]
** publish (when?)
07:25:34 [axelpolleres]
** plan advertisement
07:25:35 [axelpolleres]
** plan feedback cycles
07:29:58 [harsh]
harsh has joined #dpvcg
07:30:05 [axelpolleres]
* wrap up ISSUES (and ACTIONS) and discuss how we include them in the first draft, decide editors, etc.
07:30:30 [axelpolleres]
chair: Bert Bos
07:30:54 [axelpolleres]
scribe: Axel
07:30:59 [axelpolleres]
present+
07:31:44 [Bert]
present+
07:31:46 [simonstey]
agenda+ session1 9:30-11:00 - consent
07:32:03 [simonstey]
list agenda
07:32:16 [bud]
bud has joined #dpvcg
07:32:30 [simonstey]
agenda- 1
07:32:33 [simonstey]
agenda- 2
07:32:37 [simonstey]
agenda- 3,4,5,6
07:32:40 [simonstey]
agenda- 3
07:32:42 [simonstey]
agenda- 4
07:32:44 [simonstey]
agenda- 5
07:32:45 [simonstey]
agenda- 6
07:33:02 [simonstey]
what's on the agenda?
07:33:24 [simonstey]
agenda+ session: 11:15-12:45 - processing categories
07:33:37 [axelpolleres]
https://docs.google.com/spreadsheets/d/13d1eRXZZBCw84vYGoCJeMU08rzkkzadDzxY3n2iOi8k/edit#gid=882529315
07:33:49 [axelpolleres]
harsh: all properties in red still under discussion
07:35:31 [axelpolleres]
harsh: biggest issue is the right to withdraw.
07:35:58 [axelpolleres]
... ontology should provide a propery to state how to withdraw consent
07:36:17 [axelpolleres]
mark: that's the mininmum, there;s no prior art for this.
07:36:56 [elmar]
elmar has joined #dpvcg
07:37:40 [axelpolleres]
axel: wouldn't it always be possible in writing to withdraw?
07:37:43 [rigo]
watch out, consent withdrawl opens a can of worms as you can't just withdraw anytime
07:37:53 [axelpolleres]
bud: law says it should be as easy as giving consent
07:38:39 [rigo]
so the taxonomy should mention withdrawl and have the ability to point to something (URI)
07:39:52 [axelpolleres]
mark: keep it minimal... we should keep it out of scope to fill the possible actions to withdraw consent in an own taxonomy for now, but we should have an attribute.
07:41:16 [harsh]
I agree with what Rigo said, that's what we're trying to do in the spreadsheet currently.
07:41:32 [axelpolleres]
mark: consent receipt would be ideal, but consent receipt has privacy information in it... some interaction with authentication, no one has been able to do consent receipts properly yet
07:41:51 [axelpolleres]
... consent receipts are future work/innovation.
07:44:02 [axelpolleres]
Axel: does consent need reconciliation with other legal bases?
07:44:26 [axelpolleres]
Bud: fulfillment of conteact may be similar, but not really
07:44:58 [harsh]
Contract can have expiry
07:45:08 [rigo]
+1 to Bud, you need a legal reason to process without consent
07:46:33 [rigo]
contract: if the main performances required by the contract are done (payment) the reason for processing expires, but this is Art. 6 (1) b
07:47:40 [rigo]
we are discussing 6 (1)a and there I can't imagine a case where you still would need to process. Those personalization things can just be withdrawn
07:52:10 [axelpolleres]
discussion on whether datasubject, controller, purpose, processing are part of consent, or consent is part of personal data handling....
07:52:26 [axelpolleres]
axel: can be both, yes?
07:53:03 [axelpolleres]
... so we need to modify the domain of hasDataSubject
07:53:03 [axelpolleres]
hasDataController
07:53:05 [axelpolleres]
hasPurpose
07:53:06 [axelpolleres]
hasProcessing
07:53:06 [axelpolleres]
hasPersonalData to the union of Consent and PesonalDataHandling?
07:54:36 [simonstey]
scribe: simonstey
07:54:52 [simonstey]
bud: could we call it user rights?
07:55:21 [simonstey]
... the consent might be the last point for the data subject to convey this information to the data controller
07:55:28 [rigo]
to me, consent is part of personal data (SPECIAL annotation model) and it affects the properties of that data
07:55:37 [simonstey]
... legally one has to state that the data subject has the right to withdraw
07:55:51 [simonstey]
... otherwise it's not valid
07:56:13 [simonstey]
... in the moment the processing starts, you have to provide the data subject right
07:56:14 [simonstey]
s
07:56:20 [simonstey]
s/right/rights
07:57:01 [simonstey]
elmar: can you actually shift the responsibility of demonstrating consent
07:57:39 [simonstey]
rigo: IF consent is a property of data and consent is removed, than the property is just deleted from the data (link/annotation destroyed)
07:57:56 [simonstey]
... imo "withdrawl" is an algo, not a data property
07:59:00 [simonstey]
bud: if you can process "pseudoanonym." then you need some form of ID for the data subject
08:00:13 [simonstey]
axelpolleres: I don't understand why we have to explicitly put e.g. the right to rectify within the consent
08:00:30 [simonstey]
... imo that doesnt belong to the consent but other legal basis
08:00:40 [rigo]
+1 to axelpolleres
08:01:06 [simonstey]
... consent can appear in different places
08:01:34 [simonstey]
mark: the rights listing should go in the privacy policy
08:01:53 [simonstey]
harsh: how do we capture the legal context under which consent was given?
08:02:06 [rigo]
I think you should think things as "what can be done with the data" instead of thinking "how can I represent rights of GDPR". Because later, the algos will need data properties, not understand GDPR
08:02:14 [simonstey]
mark: the privacy policy should have the rights notices
08:02:41 [simonstey]
+1 to rigo
08:03:45 [simonstey]
mark: collection method could be upgraded to "context"
08:04:01 [simonstey]
collection method -> how consent was given
08:04:39 [rigo]
does this matter?
08:05:27 [rigo]
for audit it may matter, for the decision whether to process or not, it doesn't
08:05:43 [simonstey]
q+
08:06:30 [simonstey]
Bert: do we agree that all the "right..." terms are not needed?
08:06:41 [simonstey]
mark: it was part of the original vocab.
08:08:54 [simonstey]
mark: in order to be compliant with ISO 29100, you have a lot of little requirements regarding presenting of notice
08:10:02 [simonstey]
... the notice capture is not described by many groups so far
08:10:23 [rigo]
bbl
08:10:32 [simonstey]
q-
08:10:55 [simonstey]
axelpolleres: what's the difference between expiry/expiryCondition
08:11:36 [simonstey]
+q (to raise rigo's comment on whether we need provision/etc. methods actually)
08:15:10 [simonstey]
axelpolleres: why do we have multiple expiry properties?
08:15:46 [simonstey]
simonstey: why not combine it into just one property?
08:16:02 [simonstey]
axelpolleres: how do we describe such a condition?
08:16:29 [harsh]
To separate the expiry based on temporal and conditions , we have a common superproperty (hasExpiry) and specialisations for temporal (hasExpiryAtTime) and condition (hasExpiryCondition)
08:17:42 [simonstey]
mark: in the UK there's always a 2year consent renewal period
08:17:59 [simonstey]
... which they updated to 3 months
08:20:41 [simonstey]
simonstey: do they have to adhere to the 3months?
08:21:03 [simonstey]
mark: no.. but if they want to get certified, then yes
08:22:25 [simonstey]
mark: there are a lot of controversies wrt. "on behalf"
08:22:59 [simonstey]
... changed to "delegated"
08:24:21 [simonstey]
axelpolleres: can we assume that it's the data subject if it's not there?
08:24:28 [simonstey]
simonstey: OWA vs CWA
08:25:29 [simonstey]
axelpolleres: is both withdrawal and provision be delegated?
08:25:42 [simonstey]
harsh: withdrawal can be
08:25:51 [simonstey]
bud: well a child cannot delegate
08:26:51 [simonstey]
... if a child is turning 16 after the parents gave consent, it could withdraw it
08:27:23 [simonstey]
... so you have to distinguish
08:29:11 [simonstey]
harsh: authority captures why one was able to give consent on ones behalf
08:29:47 [harsh]
e.g. John -- parent --> Jane
08:32:26 [simonstey]
simonstey: one possible solution would be to add 2 additional properties one for withdrawal and one for provision that captures this
08:33:58 [simonstey]
harsh: consent has to be given by one person only (according to a law professor I asked)
08:34:42 [harsh]
in the context of this specific use-case we are covering
08:34:58 [harsh]
Otherwise, legally, consent could be asked from multiple persons e.g. from both parents for a child
08:35:53 [simonstey]
axelpolleres:next point, why do we need all those terms with "rights"
08:36:08 [simonstey]
mark: you dont need to list them all
08:37:48 [simonstey]
axelpolleres: if this is used for documenting, if I'm documenting the provision method it should also contain the information on how this was done
08:40:31 [simonstey]
mark: the GDPR says explicitly the subject has to be informed
08:40:41 [simonstey]
... which justifies a separate field
08:41:09 [simonstey]
harsh: isnt this covered by provision method already?
08:41:28 [simonstey]
axelpolleres: I thought this was only about "in text,.." etc.
08:43:34 [simonstey]
[discussing consent notice, etc.]
08:43:46 [simonstey]
axelpolleres: I put some description in the description
08:44:06 [simonstey]
... The actual notice that the Data Subject received to consent to, either a text or link to a document, which should be usable to decide whether the form or consent was compliant to legislation, e.g. documenting how the user has been informed about rights and omplications (e.g. right to data portabilityright to recitffyright to erasureright to restrict processingright to objectrights regarding automated decision making or profilingprocessorsthird part[CUT]
08:44:52 [simonstey]
... or outside-EEA transfers,profiling,automated decision-making,privacy-policy (mark))
08:46:48 [simonstey]
bud: one has to document also e.g., whether checkboxes were prechecked or similar
08:47:40 [simonstey]
axelpolleres: I think we could now argue for another full hour on how to structure such a notice..
08:48:10 [simonstey]
... for now we could raise an issue saying consent notice could be further structured
08:48:28 [axelpolleres]
ISSUE: Do we need to further structure consent notice?
08:48:28 [trackbot]
Created ISSUE-16 - Do we need to further structure consent notice?. Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/16/edit>.
08:48:54 [simonstey]
bud: I think we need a field indicating whether it's implicit/explicit consent
08:49:09 [simonstey]
s/implicit/regular/
08:49:42 [simonstey]
... in special cases the GDPR requires explicit consent
08:50:07 [simonstey]
... "not explicit" doesn't have a name in the GDPR
08:50:40 [simonstey]
harsh: rigo explicitly said there's no "regular" consent
08:51:38 [simonstey]
bud: we could have also only a boolean field indicating whether consent is explicit or not
08:52:47 [simonstey]
... if explicit yes, then this indicates certain requirements
08:54:32 [simonstey]
... article 22 2c -> explicit consent
08:56:47 [simonstey]
bud: all parts of article 13/14 should be part of the notice, right?
08:58:33 [simonstey]
mark: just because the GDPR doesn't call for a processor, doesn't mean we should not provide means for stating them
08:59:32 [simonstey]
axelpolleres: we have now all properties of the personal data handling despite hasRecipient
08:59:45 [simonstey]
... should we add this too?
09:00:13 [simonstey]
bud: processor/3rdparty/... are all recipients
09:00:55 [simonstey]
axelpolleres: the only thing we haven't discussed yet are bundles/groups
09:03:34 [simonstey]
mark: in the GDPR special categories are listed explicitly
09:04:58 [simonstey]
axelpolleres: can we now action someone to wrap this all up ?
09:05:54 [simonstey]
axelpolleres: it's always the consent to personal data handling
09:06:18 [simonstey]
harsh: well we have a property there called "storage"
09:06:53 [simonstey]
axelpolleres: yeah.. but this is already covered by technical/organizational measures
09:07:46 [simonstey]
mark: in the gdpr there are only a couple of mentions of "storage"
09:07:54 [simonstey]
... where it's usually about storage period
09:08:44 [simonstey]
[axel writing a description on gsheets]
09:09:04 [simonstey]
axelpolleres: "We replicate all the properties except Legalbasis of personal data handling for consent, to declare what kinds of personal data handling are consented to"
09:10:44 [simonstey]
mark: where's the field for internationaltransfer?
09:10:48 [simonstey]
harsh: in the notice
09:11:08 [simonstey]
mark: I don't think notice doesnt cover international transfer
09:12:11 [simonstey]
bud: maybe you could add a remark saying that article 13 details all the things one has to notify about
09:12:40 [simonstey]
issue-16
09:12:40 [trackbot]
issue-16 -- Do we need to further structure consent notice? -- raised
09:12:40 [trackbot]
https://www.w3.org/community/dpvcg/track/issues/16
09:13:57 [simonstey]
axelpolleres: the green ones are for v1
09:14:08 [simonstey]
BREAK for 15min
09:14:10 [axelpolleres]
agreement: green ones in the spreadsheet are version 1.
09:20:05 [Bert]
agenda?
09:27:59 [Ramisa]
Ramisa has joined #dpvcg
09:28:12 [harsh]
agenda+ use OWL2 instead of RDFS
09:36:44 [simonstey]
simonstey has joined #dpvcg
09:37:28 [Bert]
zakim, take up agendum 8
09:37:28 [Zakim]
agendum 8. "session: 11:15-12:45 - processing categories" taken up [from simonstey]
09:38:23 [harsh]
Simon: I don't like just listing out actions for processing e.g. what's the difference between erase and destroy and delete
09:38:33 [simonstey]
https://docs.google.com/document/d/1Z3Eb5rZjrdWcE5u5o0CYzA_LPyGaTqmg84ecGve_ZLA/edit
09:39:03 [harsh]
Simon: We listed out categories such as scoring (in the document)
09:39:23 [harsh]
yes
09:39:27 [harsh]
while simon is speaking
09:39:37 [harsh]
Simon: I would prefer a solution that allows describing processing
09:39:38 [axelpolleres]
scribe: harsh
09:39:56 [Ramisa_]
Ramisa_ has joined #dpvcg
09:40:26 [harsh]
Simon: based on the (nature) of processing, it can assist in identifying whether the processing is high risk
09:40:55 [MarkL]
MarkL has joined #dpvcg
09:41:24 [harsh]
Simon: Processing can involve new technologies/solutions, such as using ML for decisions.
09:42:34 [harsh]
Simon: We should identify the features or attributes of processing that distinguishes one from another
09:43:54 [harsh]
Fajar: controllers would want to use more generic descriptions
09:44:49 [harsh]
Axel: we should derive high level categories of processing, could even be keywords
09:46:01 [simonstey]
s/Fajar/Elmar/
09:46:31 [simonstey]
bud: if your processing has high risk, you have to have a data impact assessment
09:46:42 [simonstey]
... but that's towards the authority
09:46:53 [simonstey]
... not towards the data subject
09:48:48 [simonstey]
... so e.g. automateddecisionmaking for the purpose of giving a loan
09:49:13 [simonstey]
bud: the data subject needs to know the purpose but not how it was done
09:49:58 [simonstey]
axelpolleres: if I infer from your data, your sexual orientation based on your social media data/pictures for the purpose of advertism. or what not
09:50:15 [simonstey]
... do they have to declare that they are inferring stuff?
09:51:34 [simonstey]
... imagine you have this machine learning algo that infers sensitive information, where would I have to declare this
09:52:00 [simonstey]
bud: about the processing, that are very few things one has to tell the data subject
09:52:16 [simonstey]
... towards the regulator you have to do more (supervisor authority)
09:52:31 [simonstey]
... they will ask those things when they audit you
09:52:47 [simonstey]
... one has to demonstrate compliance with the law
09:53:08 [simonstey]
... including measures to keep the residual risks low
09:54:01 [simonstey]
MarkL: there's a missing way to explain the scope of processing
09:54:32 [simonstey]
MarkL: these are like attributes for processing
09:55:43 [simonstey]
axelpolleres: do I need to document which kind of software I use, database, ...?
09:55:58 [simonstey]
bud: in my opinion this is outside of the scope
09:58:21 [simonstey]
axelpolleres: processing=> what does a processor do to achieve its purpose?
09:59:27 [simonstey]
axelpolleres: personal data=="click behaviour", purpose=="to sell you something"
10:00:40 [simonstey]
harsh: starting from highlevel categories we could drill down
10:01:29 [harsh]
Check definition of processing A4-2
10:01:37 [harsh]
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
10:01:43 [harsh]
We should at least cover all of these
10:01:44 [simonstey]
... collecting/storing/etc. (listed in the spreadsheet)
10:02:50 [simonstey]
but those are operations rather than categories right?
10:03:48 [simonstey]
also, maybe I'm fine if someone recording me on sundays but not any other day of the week
10:04:27 [simonstey]
bud: iirc, there are about ~5 things one has to tell the data subject
10:05:11 [harsh]
@simon yes, they are operations - I'm saying out categories should cover all those
10:05:11 [simonstey]
... should sync with eva/rigo
10:05:53 [simonstey]
ah yes
10:06:02 [MarkL]
** Risk Assessment ** * Evaluation or scoring * Automated-decision making with legal or similar significant effect [Bud: financial effects??] * Systematic monitoring * Matching or combining datasets * processing that involves new technological or organisational solutions * processing that “prevents data subjects from exercising a right or using a service or a contract” (Article 22 and recital 91)
10:06:54 [bud]
https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236
10:07:06 [bud]
p..9
10:07:25 [MarkL]
* Evaluation or scoring. * Automated decision-making with legal or similar significant effect. * Systematic monitoring. * Sensitive data or data of a highly personal nature. * Data processed on a large scale. * Matching or combining datasets. * Data concerning vulnerable data subjects. * Innovative use or applying new technological or organisational solutions. * Contexts Preventing data subjects from exercising a right or using a service or contract.
10:07:45 [MarkL]
What does the ICO consider likely to result in high risk? The ICO is required by Article 35(4) to publish a list of processing operations that require a DPIA. This list complements and further specifies the criteria referred to in the European guidelines. Some of these operations require a DPIA automatically, and some only when they occur in combination with one of the other items, or any of the criteria in the European Guidelines referred to above:  1. Innov[CUT]
10:08:04 [simonstey]
http://www.documentcloud.org/documents/4109562-20171013-wp248-rev01-Enpdf-Final-Guidelines-DPIA.html
10:08:08 [simonstey]
page 9
10:08:09 [bud]
https://gdpr-info.eu/art-30-gdpr/
10:08:39 [MarkL]
https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236
10:12:39 [axelpolleres]
Axel: suggestion the 9 items there we should provide URIs for, just to be able to provide a handle for them.
10:13:29 [simonstey]
bud: yes, for a supervissing authority this is interesting
10:14:35 [axelpolleres]
purpose of our voabulary is essentially to provide not only machine-readeable means for compliance checking,but also a "rooster" for documenting and annoyating texctual policies, and checking whether all relevant parts are there.you
10:27:35 [simonstey]
"An example of this is where a bank screens its customers against a credit reference database in order to decide whether to offer them a loan."
10:31:21 [harsh]
There is another example at the bottom of page 11 that may help clarify this
10:31:28 [harsh]
"Storage for archiving purpose of pseudonymised personal sensitive data concerning vulnerable data subjects of research projects or clinical trials"
10:32:29 [harsh]
In this case, there is no associated "purpose", but the processing is associated with risk
10:32:49 [harsh]
Or does "archiving" fall under legitimate interest of the clinic?
10:39:50 [harsh]
Axel: do we leave the ones we have (6 from high-risk) for now?
10:40:30 [simonstey]
action-66
10:40:30 [trackbot]
action-66 -- Harshvardhan Pandit to Look into structuring processing categories, ramisa, bud, eva to help/review. -- due 2019-02-19 -- OPEN
10:40:30 [trackbot]
https://www.w3.org/community/dpvcg/track/actions/66
10:42:54 [simonstey]
monitoringDrivingBehaviour :hasProcessingType [
10:43:08 [simonstey]
:typeProcessing :erasure;
10:43:17 [simonstey]
:isAutomatedDecM true;
10:43:20 [simonstey]
:isSystematicMonitoring true ]
10:45:57 [Bert]
From SPECIAL:
10:45:58 [Bert]
Declaration(Class(svpr:Aggregate))
10:45:58 [Bert]
Declaration(Class(svpr:Analyse))
10:45:58 [Bert]
Declaration(Class(svpr:Anonymize))
10:45:58 [Bert]
Declaration(Class(svpr:Collect))
10:46:01 [Bert]
Declaration(Class(svpr:Copy))
10:46:01 [Bert]
Declaration(Class(svpr:Derive))
10:46:05 [Bert]
Declaration(Class(svpr:Move))
10:46:07 [Bert]
Declaration(Class(svpr:Query))
10:46:09 [Bert]
Declaration(Class(svpr:Transfer))
10:46:54 [axelpolleres]
PROPOSED: as for processing we name operations as example (for instance SPECIAL, ODRL, bu do not define an own voabulary/taxonomy in this group.
10:49:53 [axelpolleres]
seems to be agreement...
10:51:04 [axelpolleres]
after lunch 20min max continue on wrapping up Processing, and then proceed the agenda.
10:51:41 [Bert]
[Lunch, back in 1 hour]
11:30:49 [axelpolleres]
axelpolleres has joined #dpvcg
11:59:57 [harsh]
Let us know when to call (tried once - maybe you're not back from lunch)
12:01:42 [Bert]
We're back, now looking at how to turn the video back on...
12:08:03 [Bert]
Topic: Processing (continued)
12:11:41 [harsh]
e.g Collect rdfs:subClassOf dpv:Processing, odrl:Collect .
12:13:07 [Ramisa]
Ramisa has joined #dpvcg
12:13:25 [harsh]
https://github.com/dpvcg/processing/blob/master/processing.ttl
12:18:44 [harsh]
A4-2 ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
12:26:10 [Bert]
action: javier to put list of processing types into processing vocab on spreadsheet, merge with SPCIAL terms, add descriptions.
12:26:10 [trackbot]
Created ACTION-88 - Put list of processing types into processing vocab on spreadsheet, merge with spcial terms, add descriptions. [on Javier D. Fernández - due 2019-04-12].
12:28:10 [Bert]
topic: process for new terms and feedback
12:36:38 [harsh]
q+ How do we invite feedback?
12:36:52 [axelpolleres]
* process for new terms and feedback:
12:36:53 [axelpolleres]
* Suggestions for reformulations or additions should be made in the form of pull requests on github via github's issues mechanism -->
12:36:54 [axelpolleres]
* https://github.com/dpvcg
12:36:56 [axelpolleres]
* labels: question, issue, proposal
12:36:57 [axelpolleres]
* In regular calls we decide on proposals: "approve"/"decline"/"downgrade to issue"
12:36:57 [axelpolleres]
* biweekly calls, after the first draft is published, we discuss whether we want to switch to monthly calls.
12:37:09 [axelpolleres]
topic: timeline
12:37:29 [Bert]
q?
12:40:15 [axelpolleres]
ACTION: Axel to finish base ontology by next call (within 2 weeks)
12:40:16 [trackbot]
Created ACTION-89 - Finish base ontology by next call (within 2 weeks) [on Axel Polleres - due 2019-04-12].
12:42:39 [axelpolleres]
PROPOSED: We use hash URIs in the namespaces.
12:42:44 [harsh]
+1
12:42:53 [axelpolleres]
PROPOSED: we use RDFS and OWL where needed
12:43:10 [axelpolleres]
+1
12:43:14 [axelpolleres]
+1 to both
12:44:36 [axelpolleres]
reformulation of 2nd proposal:
12:44:49 [axelpolleres]
PROPOSED: we define the vocabularies lary as an OWL ontology
12:44:53 [harsh]
+1
12:44:59 [Ramisa]
+1
12:45:10 [axelpolleres]
RESOLVED: We use hash URIs in the namespaces.
12:45:26 [axelpolleres]
RESOLVED: we define the vocabularies lary as an OWL ontology
12:45:48 [bud]
bud has joined #dpvcg
12:46:20 [axelpolleres]
ACTION: Axel to finish Technical ORganisational measures part in the spreadsheet by next call
12:46:20 [trackbot]
Created ACTION-90 - Finish technical organisational measures part in the spreadsheet by next call [on Axel Polleres - due 2019-04-12].
12:46:54 [Bert]
RRSAgent, make logs public
12:46:58 [Bert]
RRSAgent, pointer?
12:46:58 [RRSAgent]
See https://www.w3.org/2019/04/05-dpvcg-irc#T12-46-58
12:47:47 [axelpolleres]
ACTION-90 depends on Fajar providing a version of NACE we can use and on MArk's ACTION-87
12:48:16 [Bert]
action-87?
12:48:17 [trackbot]
action-87 -- Mark Lizar to Make a proposal alternatively use gics instead of nace. -- due 2019-04-11 -- OPEN
12:48:17 [trackbot]
https://www.w3.org/community/dpvcg/track/actions/87
12:48:23 [axelpolleres]
ACTION: Fajar to provide his conversion of NACE as RDFS/OWL
12:48:24 [trackbot]
Created ACTION-91 - Provide his conversion of nace as rdfs/owl [on Fajar Ekaputra - due 2019-04-12].
12:50:16 [axelpolleres]
ACTION: Elmar to finish Personal Data Categories and transfer what we agreed upon to the spreadsheet.
12:50:17 [trackbot]
Created ACTION-92 - Finish personal data categories and transfer what we agreed upon to the spreadsheet. [on Elmar Kiesling - due 2019-04-12].
12:52:56 [axelpolleres]
ACTION: Ramisa to drive discussion on Recipients, Data Controllers, Data Subjects forward
12:52:56 [trackbot]
Created ACTION-93 - Drive discussion on recipients, data controllers, data subjects forward [on Roghaiyeh(Ramisa) Gachpaz Hamed - due 2019-04-12].
12:55:12 [axelpolleres]
Action-92: change to elmar
12:55:13 [trackbot]
Notes added to Action-92 Finish personal data categories and transfer what we agreed upon to the spreadsheet..
12:56:08 [axelpolleres]
Action: Fajar to finish purposes.
12:56:08 [trackbot]
Created ACTION-94 - Finish purposes. [on Fajar Ekaputra - due 2019-04-12].
12:57:30 [axelpolleres]
ACTION: Harsh to complete Legal Basis
12:57:31 [trackbot]
Created ACTION-95 - Complete legal basis [on Harshvardhan Pandit - due 2019-04-12].
12:58:05 [axelpolleres]
ACTION: Harsh to consolidate consent part.
12:58:06 [trackbot]
Created ACTION-96 - Consolidate consent part. [on Harshvardhan Pandit - due 2019-04-12].
13:01:33 [axelpolleres]
ACTION: Axel define a process to get from spreadsheets to spec.
13:01:34 [trackbot]
Created ACTION-97 - Define a process to get from spreadsheets to spec. [on Axel Polleres - due 2019-04-12].
13:01:55 [axelpolleres]
ACTION: Axel to define process for feedback in spec document.
13:01:55 [trackbot]
Created ACTION-98 - Define process for feedback in spec document. [on Axel Polleres - due 2019-04-12].
13:03:17 [axelpolleres]
Next TelCo April 23rd, Bert chairs.
13:03:36 [axelpolleres]
goal for next telco - all parts finished
13:04:21 [harsh]
(ensure spreadsheet is complete)
13:04:44 [axelpolleres]
Telco May 7th --> goal is to have a first full document for review, and including the ISSUES we have postponed or still rais on 23rd.
13:05:02 [MarkL]
MarkL has joined #DPVCG
13:05:05 [MarkL]
https://annualconference.eema.org
13:05:50 [axelpolleres]
Telco: Internal reviews by 21st May
13:07:11 [axelpolleres]
Mark: London https://annualconference.eema.org June 18+19 could be a good place to meet again.
13:08:18 [axelpolleres]
Goal is to vote to publish on May 21st he first draft!
13:11:12 [axelpolleres]
ACTION: Bert to look into where to publish our CG spec, and how to redirect from the namespace doc to the spec.
13:11:12 [trackbot]
'Bert' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., bbos, bertv).
13:12:01 [axelpolleres]
adversisement and feedback cycles to be discussed in the Telco on 21st MArch
13:12:26 [axelpolleres]
s/MArch/May/
13:12:34 [harsh]
Action not assigned to Bert
13:12:34 [trackbot]
Error finding 'not'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.
13:12:52 [axelpolleres]
topic: ISSUES
13:13:09 [Bert]
action: bbos to look into where to publish our CG spec, and how to redirect from the namespace doc to the spec.
13:13:09 [trackbot]
Created ACTION-99 - Look into where to publish our cg spec, and how to redirect from the namespace doc to the spec. [on Bert Bos - due 2019-04-12].
13:13:16 [axelpolleres]
https://www.w3.org/community/dpvcg/track/issues/
13:14:02 [Javier]
Javier has joined #dpvcg
13:19:41 [harsh]
ISSUE- 2 to address in the report
13:19:54 [harsh]
Axel: ISSUE-3 to be postponed
13:20:44 [harsh]
Axel: ISSUE-3 Open, ISSUE-5 Postponed (correction)
13:21:31 [axelpolleres]
close ISSUE-7 with answer "No"
13:21:35 [harsh]
Axel: ISSUE-6 related to ACTION-93
13:21:46 [axelpolleres]
close ISSUE-7
13:21:46 [trackbot]
Closed ISSUE-7.
13:23:10 [axelpolleres]
ISSUE-8: As we agreed to use OWL for modelling, we use unionOf and intersectionOf from OWL.
13:23:10 [trackbot]
Notes added to ISSUE-8 How do we describe unions and intersections of purposes, how doe we describe any vs some “sub”purpose.
13:23:20 [axelpolleres]
close ISSUE-8
13:23:20 [trackbot]
Closed ISSUE-8.
13:23:38 [Javier]
ISSUE-9?
13:23:38 [trackbot]
ISSUE-9 -- Where are categories of data controllers used, where are they useful? (cf. recital 98, 99, 100) -- raised
13:23:38 [trackbot]
https://www.w3.org/community/dpvcg/track/issues/9
13:24:00 [axelpolleres]
ISSUE-9: relates to ACTION-93
13:24:00 [trackbot]
Notes added to ISSUE-9 Where are categories of data controllers used, where are they useful? (cf. recital 98, 99, 100).
13:26:36 [axelpolleres]
ISSUE-10: related to ACTION-87 and ACTION-91
13:26:36 [trackbot]
Notes added to ISSUE-10 Are there mappings to gics from other coding systems naics/nace/isic ....
13:30:28 [axelpolleres]
ISSUE-12: we won't get back to these actions.
13:30:28 [trackbot]
Notes added to ISSUE-12 Shall we get back to action-6, action-19, action-27 (closed without news).
13:30:34 [axelpolleres]
close ISSUE-12
13:30:34 [trackbot]
Closed ISSUE-12.
13:31:34 [axelpolleres]
ISSUE-13: we use the namespace dpv for the ontology and subnamespaces only for mapping external terminologiessuch as eg. NACE,etc.
13:31:34 [trackbot]
Notes added to ISSUE-13 Decide later whether we need sub-namespaces for different subtaxonomies.
13:31:42 [axelpolleres]
close ISSUE-13
13:31:42 [trackbot]
Closed ISSUE-13.
13:32:12 [harsh]
https://www.w3.org/2006/07/SWD/SKOS/skos-and-owl/master.html
13:32:27 [axelpolleres]
ISSUE-14: we may refer to this link https://www.w3.org/2006/07/SWD/SKOS/skos-and-owl/master.html
13:32:27 [trackbot]
Notes added to ISSUE-14 We may want to add a non-normative comment in the spec that/how the taxonomy can be used as skos..
13:33:12 [axelpolleres]
ISSUE-15: should be mentioned in section on PErsonal data categories.
13:33:12 [trackbot]
Notes added to ISSUE-15 Personal data cateories collected might be collected in an approximate manner (e.g. age vs. age range), should we provide a mechanism in the vocabulary to distinguish this?.
13:33:58 [axelpolleres]
ISSUE-16: should be mentioned in the section about CONSENT (which as such will be a subsection of legal basis.
13:33:59 [trackbot]
Notes added to ISSUE-16 Do we need to further structure consent notice?.
13:36:59 [Bert]
https://www.w3.org/community/dpvcg/track/actions/open
13:42:43 [axelpolleres]
ISSUE: Do we need further temporal annotations for the personal data handling class?
13:42:51 [trackbot]
Error creating an ISSUE: could not connect to Tracker. Please mail <sysreq@w3.org> with details about what happened.
13:43:24 [axelpolleres]
ISSUE: Do we need further temporal annotations for the personal data handling class?
13:43:24 [trackbot]
Created ISSUE-18 - Do we need further temporal annotations for the personal data handling class?. Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/18/edit>.
13:43:44 [axelpolleres]
ISSUE-18: Do we need terms to document the time instant of specific personal data handling? the validity time of a certain policy? i.e. the temporal extent of a certain personal data handling instance.
13:43:44 [trackbot]
Notes added to ISSUE-18 Do we need further temporal annotations for the personal data handling class?.
13:46:22 [axelpolleres]
close ACTION-53
13:46:22 [trackbot]
Closed ACTION-53.
13:46:41 [axelpolleres]
ACTION: harsh to find URLs for GDPR articles.
13:46:41 [trackbot]
Created ACTION-100 - Find urls for gdpr articles. [on Harshvardhan Pandit - due 2019-04-12].
13:47:04 [axelpolleres]
ACTION-100: we will need thois for provenance of many of our terms.
13:47:05 [trackbot]
Notes added to ACTION-100 Find urls for gdpr articles..
13:47:37 [axelpolleres]
close ACTION-34
13:47:37 [trackbot]
Closed ACTION-34.
13:47:48 [axelpolleres]
close ACTION-33
13:47:48 [trackbot]
Closed ACTION-33.
13:51:08 [axelpolleres]
ACTION: JAvier to check after next Telco, which terms relate how to SPECIAL vocabularies (initially link them with rdfs:seeAlso
13:51:09 [trackbot]
Created ACTION-101 - Check after next telco, which terms relate how to special vocabularies (initially link them with rdfs:seealso [on Javier D. Fernández - due 2019-04-12].
13:52:56 [axelpolleres]
ACTION: Axel to copy definitions for StorageLocation and StorageDuration from SPECIAL for now.
13:52:57 [trackbot]
Created ACTION-102 - Copy definitions for storagelocation and storageduration from special for now. [on Axel Polleres - due 2019-04-12].
14:04:42 [axelpolleres]
axelpolleres has joined #dpvcg
14:05:09 [axelpolleres]
rrsagent, make minutes
14:05:09 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html axelpolleres
14:05:21 [axelpolleres]
rrsagent, make minutes world-wisible
14:05:21 [RRSAgent]
I'm logging. I don't understand 'make minutes world-wisible', axelpolleres. Try /msg RRSAgent help
14:05:41 [axelpolleres]
rrsagent, make minutes world-visible
14:05:41 [RRSAgent]
I'm logging. I don't understand 'make minutes world-visible', axelpolleres. Try /msg RRSAgent help
14:06:09 [axelpolleres]
rrsagent, make records world-visible
14:06:46 [axelpolleres]
rrsagent, make public minutes
14:06:46 [RRSAgent]
I'm logging. I don't understand 'make public minutes', axelpolleres. Try /msg RRSAgent help
14:07:10 [axelpolleres]
rrsagent, make public minutes
14:07:10 [RRSAgent]
I'm logging. I don't understand 'make public minutes', axelpolleres. Try /msg RRSAgent help
14:07:20 [axelpolleres]
rrsagent, make minutes v2
14:07:20 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html axelpolleres
19:20:02 [RRSAgent]
RRSAgent has joined #dpvcg
19:20:02 [RRSAgent]
logging to https://www.w3.org/2019/04/05-dpvcg-irc
19:20:11 [Bert]
RRSAgent, make minutes v2
19:20:11 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html Bert
19:23:59 [Bert]
RRSAgent, bye
19:24:10 [Bert]
RRSAgent, make logs public
19:24:13 [Bert]
RRSAgent, bye
19:24:13 [RRSAgent]
I see no action items
19:24:40 [RRSAgent]
RRSAgent has joined #dpvcg
19:24:40 [RRSAgent]
logging to https://www.w3.org/2019/04/05-dpvcg-irc
19:26:56 [Bert]
present+ Bud, Javier, Simon, Ramisa, Harsh, Mark
19:27:11 [Bert]
Meeting: DPVCG ftf day 2
19:27:18 [Bert]
RRSAgent, make minutes v2
19:27:18 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html Bert
19:27:53 [Bert]
Previous meeting: https://www.w3.org/2019/04/04-dpvcg-minutes.html
19:27:58 [Bert]
RRSAgent, make minutes v2
19:27:58 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html Bert
19:30:07 [Bert]
s/scribe: Axel/scribe: Axelpolleres/
19:30:10 [Bert]
RRSAgent, make minutes v2
19:30:10 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html Bert
19:34:36 [Bert]
i/if your processing has high risk,/scribe: simonstey
19:34:40 [Bert]
RRSAgent, make minutes v2
19:34:40 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html Bert
19:35:52 [Bert]
s/Let us know when to call (tried once - maybe you're not back from lunch)//
19:36:03 [Bert]
s/We're back, now looking at how to turn the video back on...//
19:36:38 [Bert]
RRSAgent, make minutes v2
19:36:38 [RRSAgent]
I have made the request to generate https://www.w3.org/2019/04/05-dpvcg-minutes.html Bert
19:39:55 [Bert]
RRSAgent, make logs public
19:40:02 [Bert]
RRSAgent, bye
19:40:02 [RRSAgent]
I see no action items