<scribe> ScribeNick: harsh
We have Risk and hasRisk as generic concepts to associate risk, and RiskMitigationMeasure to indicate mitigation
Agreed to have that as top-level concept, and later think about expanding via taxonomy based on use-cases and legal requirements
paul: how does DPV relate to compliance?
harsh: compliance can be determining or evaluating obligations and compliance, demonstrating compliance, and documenting compliance
DPV provides a (semi-) standardised or an extendable vocabulary for representing information towards this
mark: there is also the notion of conformance which relates to compliance (processes)
Data Protection Authority: should this be supervisory authority, as defined in GDPR?
The global norm seems to be 'data protection authority', e.g. see https://en.wikipedia.org/wiki/National_data_protection_authority
Also the EU seems to prefer DPA as data protection authority: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
Sub-Processor: do we need to distinguish between Processor and Sub-Processor?
mark: in some cases there are restrictions or obligations associated with sub-processors, so it would be helpful to have this concept
georg: a sub-processor is still a processor, and in GDPR, there is no distinction (in the term itself), so we can do with just one term (processor)
The term itself seems to be used in the real-world to indicate the relationship and third-parties involved. E.g. https://www.atlassian.com/legal/sub-processors
georg: The primary relationship is between a controller and processors vis. purpose. Is there any other relationship?
mark: The controller will need to know if the list of sub-processors will change, so this is a use-case
Agreed to have sub-processor as a term
Minor vs Child: Child is definitely a related term, but we decide about 'minor' later based on legal definitions and common usage
We accept Child as a concept for DPV
Third Country: how to define this? Is this related to jurisdiction(s), i.e. EU?
If this is related to jurisdiction, how to represent that in terms of membership, e.g. third country wrt EU?
For GDPR, this relates to Recipient --> Country (Third Country)
georg: Since this is related to country (only), we don't need to describe Third Countries per se
Agreed to have this term as 'proposed' and revisit it in the next discussion
Accepted: property 'has_identifier' to indicate an (external) identifier associated with an entity e.g. Company registration number
Proposed terms have been discussed and addressed
Next step is to formalise serialisation and create documentation
Harsh will be working on this over the weekend
Plan is to complete the documentation by 30-NOV
Contributors to add names, affiliations, funding acknowledgments where pertinent. Please send them on to Harsh for inclusion.
Next meeting 2 DEC 14:00 CET : look at documentation
Present: harsh georg paul beatriz rana mark