Meeting minutes
Introductions
stephenTattum works at PolyPoly https://
stephenTattum: we use data categories and purposes from DPV to describe what is usually in a notice information or policy
paulR: DPV as a vocabulary is lacking in terms of purposes, and this list needs to be expanded. For example, the Belgian ROPA guidance document provides many more concepts.
harsh: agreed; we'll put in our action items to work on these purposes
harsh: any reference or list of purposes, whether in court case or guidance document or complaint or elsewhere; please share in mailing list, or directly to me, or in wiki, or GitHub
stephenTattum: PolyPoly is like Solid, providing pods governed by policies. We use DPV to declare what data is used and for what purposes.
stephenTattum: I am not familiar with technical details, will have to ask my colleagues
harsh: we're keeping a list of use-cases and uses of DPV in our wiki, would like to add PolyPoly to that; will take this up over email
Housekeeping / Admin
New GitHub repo: https://
GitHub IRI to be share for citing, referencing, sharing DPV: http://
Note that this IRI is "permanent" which means that no matter where DPV is actually stored, we use this as its URL and the browser will redirect to wherever it is stored
Current (old) url this points to is: https://
We will try to keep this alive by redirecting to the new repo and url
New url for dpv is: https://
The pURL or IRI will point to this new url soon, pending when Bert does this (changin IRI requires w3c infra access which only employees have)
Summer workshop
Purposes will be the topic of a dedicated session. We will gather/collect list of purposes from the real-world or other places, and decide on them in a session.
For this, collect list of purposes or sources by JUL-14 - these can be shared at https://
We will then work on them; and have a decision session on AUG-11; giving enough time for comments and resolutions.
Privacy Policies, Terms and Conditions as concepts
A 'policy' can be any generic policy within the organisation or elsewhere. A 'privacy policy', although defined as internal to the organisation, has evolved to become an user-facing document.
Paul: we use the term 'notice' or 'privacy notice' to refer to these
So we have a concept called Notice and then specific concept for PrivacyNotice ?
For terms and conditions; they are a form of contract, but the label is not accurate to reflect their use and context.
Alternate names are also used as 'terms of use' or 'terms of service'
We need more legal input and knowledge for how this is referred to in order to model it as a concept.
Safeguards
How do we model Safeguards? Where do we place them within DPV?
What are Safeguards?
Are they GDPR specific? (no)
Are they always tech & org measures? (no)
Add references, concepts, discussions here: https://
Adequacy decision is a safeguard (Art.45 GDPR) ?
Proposal: safeguard as a separate top-level concept, with specific safeguards defined inside/within its set.
Some safeguards are within technical & organisational measures; or can include technical & organisational measures. But this is not a necessity.
We need to decide which concepts are GDPR-specific, and which are jurisdiction-agnostic and can be put in DPV or DPV-GDPR.
Next Meeting
Next meeting will be next week JUL-07 13:00 WEST / 14:00 CEST