Meeting minutes
Publishing DPV and DPV-GDPR with documentation
No comments, objections so far - either on mailing list or calls. So we will go ahead with publishing the v0.2 update(s).
Future work/directions
harsh: Use-cases, either theoretical or real-world uses from news or court decisions. And examples outlining how the concepts are used and the interpretations.
GeorgKrogg: We are working on a collaborative of legal experts, who might contribute use-cases and examples.
PaulRyan: Regarding ROPAs, there are some aspects which we have not mapped to DPV, which we can look into.
GeorgKrogg: We (with harsh) wrote an article comparing 29184 requirements with GDPR. There are some gaps, and similarities. Should we support ISO? (question to the group)
ISO standards could be specified as types of certifications or standards which are organisational measures.
If a list of relevant standards is provided for existing DPV concepts - it would be good for organisations and documentation. Though someone has to do this work.
harsh: We (funded project) are working on consent receipt updates, which we intend to feed back to the group once done.
NishadThalhath: We are working on METAPROFILES using DPV where data publishing is declared
Georg shared screen demoing Signatu's use of DPV in consent dialogue
Uses concepts for data, processing, purpose, legal basis, recipients. Also mentions benefits which DPV is currently missing.
Action: harsh to add 'benefits' to list of proposed concepts (hasBenefits, hasBenefitsFor)
<trackbot> Created ACTION-147 - Add 'benefits' to list of proposed concepts (hasbenefits, hasbenefitsfor) [on Harshvardhan J. Pandit - due 2021-01-13].
(continued from Georg's demo) The concepts are then also used to generate Privacy Policies. These both come from the ROPA data provided.
Next meeting
20 JAN 2021 13:00 WET / 14:00 CET