13:01:20 RRSAgent has joined #dpvcg 13:01:20 logging to https://www.w3.org/2021/03/10-dpvcg-irc 13:01:30 ScribeNick: harsh 13:01:37 Meeting: DPVCG Meeting Call 13:01:43 Chair: harsh 13:02:39 Present: paulryan, juliotorres, nishad 13:03:04 Date: 10 MAR 2021 13:03:42 Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2021Mar/0000.html 13:04:59 Topic: Moving DPV(CG) repos to Github/W3C 13:06:45 Present: Georg 13:08:31 conversation about moving DPV specs to w3c 13:08:50 note: harsh and beatriz working on issues migration -> to decide if adding directly to w3c repo 13:09:00 present: beatriz 13:09:18 Topic: Proposal to add concepts 13:12:17 Legal bases: we add categories as sub-classes for LegalBasis e.g. legitimate interest, consent, law 13:14:28 For existing DPV-GDPR, these are instances of LegalBasis, but we redefine them as per their category e.g. Art.4-x as instance of Consent as subclasses of LegalBasis 13:15:45 beatriz: is Consent currently defined as a standalone concept, we need to integrate this as well 13:16:19 Later, we will also need to think about explicit consent, different requirements for consent 13:18:46 Also, we also need to think about properties for other legal basis e.g. legitimate interest -> what was it? e.g. contract -> what document? who signed it / are parties? 13:19:32 Technologies - databases, etc. - add and associate with existing concepts, e.g. data storage, transfer, encryption 13:21:09 paulryan: I can share document specifying tech&org measures to help with this discussion 13:24:55 beatriz: we can utilise the same abstraction/pattern as risk i.e. hasRisk 13:25:51 We can apply this as a 'test' to the document to be shared by paul 13:26:41 Present: rana 13:27:01 rana: companies need to specify technologies in a DPIA (e.g.), and they need to associate technologies with some kind of risk 13:29:30 paul: Vendors also ask/specify ISO certifications, anti-virus, etc. And the risk assessment considers these and new technologies. 13:29:53 s/paul/paulryan 13:30:30 s/paul/paulryan/ 13:33:00 Georg: DPAs require information about implementation, and also measures e.g. privacy by design 13:36:32 paulryan: if there are existing vocabularies, how to use/associate these? 13:37:11 harsh: we can point to those, but we need to provide the 'glue' to connect DPV concepts to those e.g. high-level concepts and relationships 13:37:15 To add: consent fields (generic: see consent receipt and GDPR consent record requirements) 13:37:22 beatriz: I'm interested to work on this 13:38:01 georg: I'm interested regarding this as well 13:38:13 Present: MarkLizar 13:38:54 MarkLizar: we have the project Pae:CG Privacy as Expected Consent Gateway https://privacy-as-expected.org/ working on newer version of consent record/receipt which we intend to submit back to DPVCG 13:39:20 MarkLizar: At Kantara, ANCR we intend to standardise this and submit it back to ISO 27560 for standardisation internationally 13:40:53 harsh: ISO 29184 mentions machine-readable records - which is what the DPV could be useful to 13:47:01 Topic: Consent Community Group 13:49:46 https://www.w3.org/community/consent/ 13:49:55 Welcome to join and work on specifics for consent 13:50:22 Slight overlap with DPVCG regarding semantics and concepts, but the scope of CONSENT-CG is much broader and involves everything to do with consent 13:50:30 We can certainly collaborate and sync relevant work 13:57:08 Topic: Next Meeting 13:57:53 In 2 weeks, MAR-24 13:00 WET / 14:00 CET 13:58:03 zakim, bye 13:58:03 leaving. As of this point the attendees have been MarkLizar 13:58:03 Zakim has left #dpvcg 13:58:08 rrsagent, publish minutes v2 13:58:08 I have made the request to generate https://www.w3.org/2021/03/10-dpvcg-minutes.html harsh 13:58:12 rrsagent, set logs world-visible 13:58:58 rrsagent, bye 13:58:58 I see no action items