12:00:30 <RRSAgent> RRSAgent has joined #dpvcg
12:00:30 <RRSAgent> logging to https://www.w3.org/2021/09/22-dpvcg-irc
12:00:32 <harsh> ScribeNick: harsh
12:00:34 <harsh> Meeting: DPVCG Meeting Call
12:00:41 <harsh> Chair: harsh
12:00:49 <harsh> Date: 22 SEP 2021
12:01:40 <harsh> Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2021Sep/0004.html
12:02:53 <harsh> Present: harsh, georgK, davidH
12:03:08 <harsh> present+: beatriz
12:05:14 <harsh> present+: ranaS
12:05:21 <harsh> Topic: Concepts for Data Transfers
12:05:36 <harsh> term - Art45-Adequacy ; we have 45-3 in DPV-GDPR as a legal basis
12:06:58 <harsh> davidH: when working with adequacy decisions, the country of data transfer is mentioned and whether the country has adequacy
12:07:49 <harsh> georgK: the specific adequacy decision is also referenced
12:10:49 <harsh> harsh: so if we create instances of specific adequacy decisions (e.g. for South Korea), then use the decision itself as IRI or link to document, and use annotations to specify country either as string or ISO code
12:10:59 <harsh> term - Art46 - related to transfer tools
12:12:44 <harsh> david: A46 provides use of 'safeguards' which include BCR, SCCs, others
12:13:07 <harsh> david: unclear whether safeguards are techorg measures
12:19:50 <harsh> proposal - OrgMeasure -> Safeguard -> DataTranferSafeguard
12:22:10 <harsh> We're unclear where SCCs fit in GDPR. They are a form of contract, but not clear whether they are called SCC globally
12:24:04 <harsh> We can model them in DPV-GDPR, but specifying SCC as a type of DataTransferSafeguard and a Contract and an implementation A46 legal basis
12:24:27 <harsh> term - A46 Binding Corporate Rules
12:25:14 <harsh> davidH: they are essentially contracts, so could be modelled similar to SCC
12:25:23 <harsh> georgK: BCR are defined in A4.20
12:29:57 <harsh> We're unclear whether BCR, like SCC, have a global use as a concept. So we model them in the same way as SCC.
12:30:24 <harsh> term - A46.2 clauses
12:31:52 <harsh> A46.2a can be any legal instrument, so we leave as is
12:31:59 <harsh> A46.2b is BCR
12:32:33 <harsh> A46.2c and 2d are SCC approved by commission but 2d are by supervisory authority
12:34:57 <harsh> Separate concepts for 2c and 2d
12:38:48 <harsh> A26.2e is a code of conduct with additional requirements - complex to model. We have a CoC in techorg measure, but this is not sufficient to merely subclass. More research needed.
12:38:59 <harsh> s/26/46
12:40:15 <harsh> A46.2f has certification mechanism with additional requirements - also complex to model. More research needed.
12:41:55 <harsh> A46.3a contractual clauses - subclass of contract
12:42:04 <harsh> A46.3b - leave as is
12:47:57 <harsh> term - Supplementary Measure, to be added under DPV-GDPR
12:54:58 <harsh> term A49.1 are similar to legal bases, in DPV-GDPR the individual clauses are subclassed with these concepts, except e and f
12:55:16 <harsh> Topic: Next Meeting
12:56:10 <harsh> In 2 weeks, OCT-06 WED 13:00 CEST / 14:00 CEST
12:56:35 <harsh> Harsh will share dpv v0.3 outputs for review and ready for publication
12:56:50 <harsh> Harsh will share list of collected concepts/items to be considered for next steps / actions in DPV
12:56:54 <harsh> zakim, bye
12:56:54 <Zakim> leaving.  As of this point the attendees have been harsh, georgK, davidH, :, beatriz, ranaS
12:56:54 <Zakim> Zakim has left #dpvcg
12:57:02 <harsh> rrsagent, publish minutes v2
12:57:02 <RRSAgent> I have made the request to generate https://www.w3.org/2021/09/22-dpvcg-minutes.html harsh
12:57:04 <harsh> rrsagent, set logs world-visible
12:57:56 <harsh> rrsagent, bye
12:57:56 <RRSAgent> I see no action items