Meeting minutes
DPV & DPV-GDPR v0.3
see https://
Deciding next steps
paulR: tech & org measures are 'weak' compared to other vocabs, if there are aligned vocabularies to use/utilise
paulR: these are essential to do in terms of practical use/application and do risk assessments
markL: notice & consent, relation to measures for security and safeguards. Relation from PIPEDA to GDPR regarding consent requirements.
markL: code of practice or code of conduct for consent
markL: work done in NGI TRUST PAECG project https://
georgK: ~13 different applications, and how DPV is used or mapped or usable there
georgK: DPV to express privacy policy (i.e. textual policies on websites)
georgK: e.g. related to GDPR A.13/A.14
markL: layered policies, signals, consent policies and descriptions
beatrizE: use-cases of DPV - code examples such as privacy policies, consent
julianF: privacy policies - natural language with standardised vocabularies - which are then transformed into enforceable policies
julianF: serialisation formats (mentioned, but not prioritised)
georgK: involved in health data group, which has considered DPV, and uses permissions and prohibitions, similar to DUO, which are granular and can be introduced and connected to other concepts
georgK: DPV is by design open/free to use, and not restricted, which has pros and cons, e.g. usable across jurisdictions
markL: specifying privacy rights in terms of technical details for what they mean
markL: purpose specification, privacy rights related to concepts
georgK: following from paulR, there is a need to measure data security measures
georgK: 'context' of where DPV is used, e.g. privacy policy for employees, apps, services, policies
markL: permission vs purposes model, identity management technology, in terms of purposes having permissions; DPV should express scope of purpose e.g. 1 time use, limitations to use
harsh: purpose decomposition into 'validity' is mostly dependent on jurisdictional requirements which are tied closely to legal basis e.g. legitimate interest of a purpose
harsh: for DPV to consider this in scope, it should be usable in a general sense; for jurisdictional concepts, welcome concrete propositions, examples, and demonstrations
harsh: we start with top-2 ideas and choose accordingly
harsh: for me, it's consent attributes/requirements and real-world info such as security measures, but also standards, jurisdictions
markL: consent and rights
paulR: privacy notices/policies, and tech/org measures
beatrizE: privacy policies
georgK: privacy policies, and user-centric consent management
julianF: consent (legal basis as in GDPR), and privacy policies
consolidation and consensus - privacy policies, consent attributes, and real-world technical measures
Next Meeting
We will be meeting again next week, WED OCT-13 13:00 WEST / 14:00 CEST
Following DPVCG's call, WU and NOYB are presenting their work in the RESPECTeD project about ADPC - a user-side consenting protocol https://