Meeting minutes
Issues/Actions listed in W3C tracker
beatriz: I attended the ANCR (Kantara WG), and they are interested in primer and contributing to use-cases
georg: Signatu is currently participating in a competition for PbD (design, default), and our use-case involves DPV. So this would be good to the community (DPVCG).
rigo: Consent is not only a token (in response), but also includes/requires information about what the consent is about (info/metadata)
rigo: The problem is package / container, so my suggestion or advice to the consent people is to provide us with a container
harsh: Is consent receipt / record (or whatever the standard/spec ends up being called) a solution or approach here?
georg: Currently, we have consent receipt/record as a transaction, and though it is supported in more technical possibilities, we aren't providing it yet
rigo: I'm involved in a project called MOSAIcROWN https://
rigo: This involves recording the semantics/info about use-case (e.g. analytics for a charging station) in connection with consent
rigo: we're implementing sticky policies, so one could point to the policy for all pertinent demonstration/proof/record
harsh: I'm working on a project related to consent (privacy as expected https://
harsh: And the problem is that there can be many efforts, but they need to satisfy legal requirements and be auditable. E.g. there's CR v1.1, there's ISO 27560 in progress, Kantara has another WG for consent receipts
harsh: And I remember when we were doing DPV v0.1 via workshop/meeting, we had consent receipt on the agenda. Maybe now is a good time to resume the effort?
rigo: 20 years ago in P3P, there was a consent key field with info about 5 (purposes) which might be suitable for a use-case, but wouldn't scale or be applicable to practical use-cases
georg: Signatu has a system where store metadata associated with consent (e.g. purpose, data storage), and you can request key, records, and we can package it to share
rigo: There are also other legal bases, which also need to be packaged/used in a similar way.
rigo: If you're doing processing in health/medical domain, there is also recording of ethical clearance/advice/report, which is done once and then stored (as reference) in data lake.
harsh: for DPV, we have the basis of what is 'processing' i.e. data handling and legal bases. We need to go to the next level now and then think what do we need to specify consent, specify contract.
rigo: DNT has a field for consent blob (or can be associated with) that can be used as/to provide receipt. Something to think about / look into.
rigo: You should look at using named graphs as a way to capture a 'record' of a transaction or event, this could be a nice way to package RDF since tooling already exists to work with named graphs.
rigo: Look at RDF* (rdf-star) https://
rigo: In the legal domain, property graphs are more analogous than just triples, so RDF* can help specify information with DPV
georg: The Global Health Alliance (GHA) http://
Decision on Action/Issue Tracker
We will move to GitHub (from currently W3C trackers) as the sole place for listing issues and trackers
rigo will be looking into W3C namespace repo for DPVCG on GitHub
beatriz and harsh will summarise, filter issues/actions and move them to GitHub for record/discussion
Proposed Terms
nishad: does DPV have a term to indicate a related resource (a record) e.g. privacy policy
rigo: DPV uses the same global namespace schema as RDF for semantics IRIs, so that is the usual identifier used rather than an external resource
harsh: for referencing to other resources, there are vocabularies e.g. rdfs:seeAlso or dct:source that are better suited, rather than having DPV duplicate everything
harsh: DPV currently does not have a 'privacy policy' term --> something to add to proposed terms?
Tools shared / discussed today
nishad: OntoSpy dpv explorer https://
nishad: https://
harsh: OTTR https://
Next Meeting Call
The next meeting call will in 2 weeks, at the usual time: 13:00 WET / 14:00 CET