Meeting minutes
Consensus on last week's resolution regarding data transfers
for minutes, as always, see here: https://
last week's session minutes: https://
no additional comments; we add concepts to the proposed list
Expanding Purpose taxonomy
see https://
Proposals for sources of purposes from DPA ROPAs (BE, UK), EDPB, CCPA
paulR presenting (shared screen)
paulR: GDPR and EDPB specify that purpose must have details and granularity to make it specific and fit the requirements
paulR: Belgian ROPA has 65 terms for purpose types
paulR: how do we specify these concepts, used in real world, with the ones in purpose category in DPV?
beatrizE: typo in image - LegalObligation is specified instead of LegalCompliance
harsh: any added concept has to fit in the top-down approach and it must have additional abstract concepts added if needed
We need use-cases to apply these and find a) applicability and b) gaps/improvements
Georg: projects about privacy policies that extract metadata e.g. UsablePrivacy
harsh: contacted them; no response; also they work on USA based concepts and don't have several GDPR-required concepts
Georg: good source for EU specific concepts could be recruiter (privacy) policies
Georg: has it been proposed for specifying which data categories are optional and which are mandatory?
(no it has not been proposed so far)
Georg will propose
harsh: are these only limited to data categories; or we can associate them with purpose or even processing? (yes this is possible; so more thinking needed)
Next Meeting
in 2 weeks; WED AUG-28 13:00WEST / 14:00CEST