Meeting minutes
Moving DPV(CG) repos to Github/W3C
conversation about moving DPV specs to w3c
note: harsh and beatriz working on issues migration -> to decide if adding directly to w3c repo
Proposal to add concepts
Legal bases: we add categories as sub-classes for LegalBasis e.g. legitimate interest, consent, law
For existing DPV-GDPR, these are instances of LegalBasis, but we redefine them as per their category e.g. Art.4-x as instance of Consent as subclasses of LegalBasis
beatriz: is Consent currently defined as a standalone concept, we need to integrate this as well
Later, we will also need to think about explicit consent, different requirements for consent
Also, we also need to think about properties for other legal basis e.g. legitimate interest -> what was it? e.g. contract -> what document? who signed it / are parties?
Technologies - databases, etc. - add and associate with existing concepts, e.g. data storage, transfer, encryption
paulryan: I can share document specifying tech&org measures to help with this discussion
beatriz: we can utilise the same abstraction/pattern as risk i.e. hasRisk
We can apply this as a 'test' to the document to be shared by paul
rana: companies need to specify technologies in a DPIA (e.g.), and they need to associate technologies with some kind of risk
paulryanryan: Vendors also ask/specify ISO certifications, anti-virus, etc. And the risk assessment considers these and new technologies.
Georg: DPAs require information about implementation, and also measures e.g. privacy by design
paulryan: if there are existing vocabularies, how to use/associate these?
harsh: we can point to those, but we need to provide the 'glue' to connect DPV concepts to those e.g. high-level concepts and relationships
To add: consent fields (generic: see consent receipt and GDPR consent record requirements)
beatriz: I'm interested to work on this
georg: I'm interested regarding this as well
MarkLizar: we have the project Pae:CG Privacy as Expected Consent Gateway https://
MarkLizar: At Kantara, ANCR we intend to standardise this and submit it back to ISO 27560 for standardisation internationally
harsh: ISO 29184 mentions machine-readable records - which is what the DPV could be useful to
Consent Community Group
https://
Welcome to join and work on specifics for consent
Slight overlap with DPVCG regarding semantics and concepts, but the scope of CONSENT-CG is much broader and involves everything to do with consent
We can certainly collaborate and sync relevant work
Next Meeting
In 2 weeks, MAR-24 13:00 WET / 14:00 CET