12:50:22 RRSAgent has joined #dpvcg 12:50:22 logging to https://www.w3.org/2021/02/24-dpvcg-irc 12:51:27 ScribeNick: harsh 12:51:37 Meeting: DPVCG Meeting Call 12:51:43 Chair: harsh 12:52:02 Date: 24 FEB 2021 12:52:23 Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2021Feb/0011.html 12:57:39 Present: paulryan 12:59:44 rigo has joined #dpvcg 13:01:11 present+: nishad, julio 13:04:34 present+: beatriz, georg, rigo 13:04:47 Topic: Issues/Actions listed in W3C tracker 13:05:41 beatriz: I attended the ANCR (Kantara WG), and they are interested in primer and contributing to use-cases 13:05:52 present+: rana 13:07:20 georg: Signatu is currently participating in a competition for PbD (design, default), and our use-case involves DPV. So this would be good to the community (DPVCG). 13:07:53 rigo: Consent is not only a token (in response), but also includes/requires information about what the consent is about (info/metadata) 13:08:32 rigo: The problem is package / container, so my suggestion or advice to the consent people is to provide us with a container 13:09:28 harsh: Is consent receipt / record (or whatever the standard/spec ends up being called) a solution or approach here? 13:10:27 georg: Currently, we have consent receipt/record as a transaction, and though it is supported in more technical possibilities, we aren't providing it yet 13:10:51 rigo: I'm involved in a project called MOSAIcROWN https://mosaicrown.eu/ 13:11:24 rigo: This involves recording the semantics/info about use-case (e.g. analytics for a charging station) in connection with consent 13:11:50 rigo: we're implementing sticky policies, so one could point to the policy for all pertinent demonstration/proof/record 13:13:58 harsh: I'm working on a project related to consent (privacy as expected https://privacy-as-expected.org/) which also involves consent records 13:15:03 harsh: And the problem is that there can be many efforts, but they need to satisfy legal requirements and be auditable. E.g. there's CR v1.1, there's ISO 27560 in progress, Kantara has another WG for consent receipts 13:15:04 harsh: And I remember when we were doing DPV v0.1 via workshop/meeting, we had consent receipt on the agenda. Maybe now is a good time to resume the effort? 13:15:43 rigo: 20 years ago in P3P, there was a consent key field with info about 5 (purposes) which might be suitable for a use-case, but wouldn't scale or be applicable to practical use-cases 13:18:49 georg: Signatu has a system where store metadata associated with consent (e.g. purpose, data storage), and you can request key, records, and we can package it to share 13:19:54 rigo: There are also other legal bases, which also need to be packaged/used in a similar way. 13:20:23 rigo: If you're doing processing in health/medical domain, there is also recording of ethical clearance/advice/report, which is done once and then stored (as reference) in data lake. 13:24:15 harsh: for DPV, we have the basis of what is 'processing' i.e. data handling and legal bases. We need to go to the next level now and then think what do we need to specify consent, specify contract. 13:24:38 rigo: DNT has a field for consent blob (or can be associated with) that can be used as/to provide receipt. Something to think about / look into. 13:51:14 rigo: You should look at using named graphs as a way to capture a 'record' of a transaction or event, this could be a nice way to package RDF since tooling already exists to work with named graphs. 13:51:42 rigo: Look at RDF* (rdf-star) https://w3c.github.io/rdf-star/cg-spec/2021-02-18.html to annotate records/triples with information 13:52:15 rigo: In the legal domain, property graphs are more analogous than just triples, so RDF* can help specify information with DPV 13:53:07 georg: The Global Health Alliance (GHA) http://www.ghahealth.com/ also uses graphs linked/populated from GitHub, so another resource to look at (for examples/use) 13:53:20 Topic: Decision on Action/Issue Tracker 13:53:49 We will move to GitHub (from currently W3C trackers) as the sole place for listing issues and trackers 13:54:09 rigo will be looking into W3C namespace repo for DPVCG on GitHub 13:54:30 beatriz and harsh will summarise, filter issues/actions and move them to GitHub for record/discussion 13:54:38 Topic: Proposed Terms 13:54:54 nishad: does DPV have a term to indicate a related resource (a record) e.g. privacy policy 13:55:27 rigo: DPV uses the same global namespace schema as RDF for semantics IRIs, so that is the usual identifier used rather than an external resource 13:55:57 harsh: for referencing to other resources, there are vocabularies e.g. rdfs:seeAlso or dct:source that are better suited, rather than having DPV duplicate everything 13:56:17 harsh: DPV currently does not have a 'privacy policy' term --> something to add to proposed terms? 13:56:36 Topic: Tools shared / discussed today 13:57:10 nishad: OntoSpy dpv explorer https://nishad.github.io/dpv-explorer/ documentation for dpv 13:57:35 nishad: https://github.com/dcmi/dctap for specifying restrictions/profiles 13:57:47 harsh: OTTR https://ottr.xyz/ for ontology / templating 13:57:56 Topic: Next Meeting Call 13:58:17 The next meeting call will in 2 weeks, at the usual time: 13:00 WET / 14:00 CET 13:58:24 zakim, bye 13:58:24 leaving. As of this point the attendees have been paulryan, :, nishad, julio, beatriz, georg, rigo, rana 13:58:24 Zakim has left #dpvcg 13:58:30 rrsagent, publish minutes v2 13:58:30 I have made the request to generate https://www.w3.org/2021/02/24-dpvcg-minutes.html harsh 13:58:35 rrsagent, set logs world-visible 13:58:41 rrsagent, bye 13:58:41 I see no action items