Meeting minutes
DPV Personal Data Category naming
see https://
Changing PersonalDataCategory to PersonalData --> big change, needs to be taken up with all on mailing list
for prefixing or suffixing concepts ; proposal is Historical --> HistoricalData
georg: related to issue regarding whether the naming should also reflect whether something is personal data, after anonymising, etc.
paul: what is the origin of these names?
harsh: EnterPrivacy taxonomy, and in SPECIAL there were separate vocabs for each concept e.g. personal data category
harsh: a better example is perhaps Location as personal data, but also relevant in recipient and data storage where it is a separate concept
Two options we have: separate vocabularies - to minimise compatibility issues, we can move just the personal data categories; OR add prefix/suffix to data categories
beatriz: both are fine
paul: one single vocab would be preferable
georg: one single vocab is the selling point / attraction for DPV
julian: one view or vocab is preferable
We have option to prefix PD as a suggestion
georg: Do we limit this to PD or also expand with other requests such as EyeColourDataSensitive?
harsh: only for PD, for sensitive we have subclass
No objections to prefixing with PD
Should DPV provide Constraints/Permissions/Prohibitions?
See https://
See https://
beatriz: would be better to use ODRL since it has rights and constraints handling by design and purpose
harsh: there is value in lightweight concepts, which can be further expressed using ODRL
We consider this of interest, and needing further thought. Beatriz will be the technical evaluator to express critique.
Personal data characteristics: collection method (direct, inferred), sensitivity, (pseudo-)anonymisation
Collection method (direct, inferred) -> is of interest; propose concepts for review
Sensitivity - proposal to have this as subclass of PersonaDataCategory and parent class of SpecialCategories
georg: are they the same? see. Rec 10
harsh: they should be different, Sensitive is a larger set, e.g. EDPB considers Location as sensitive but it is not Special
agreement that Sensitivity can be added to DPV
Anonymisation and Pseudo-anonymisation (along with levels, methods) are in interest. As in anonymised and pseudo-anonymised data. To provide concepts for review.
Technology / Implementation details e.g. storage mechanism, use of cookies
Agreement that this is of interest, and should be added
Proposal is to have a separate concept for technology (or technological implementation) for associating how something else in DPV is implemented e.g. data storage in cloud storage or database
Privacy Policy and related concepts
see https://
see https://
(shared screen by Georg showing mind map of privacy policy concepts)
concepts being discussed - publishing data, duration (start and end of effect) can be represented using DCT or DCAT as relevant
georg: how to number/identify specific personal data handling instances in a privacy policy
We stop the discussion here due to time limits.
Next Meeting
We will meet again on WED OCT-27 13:00 WEST / 14:00 CEST
Discussion will take place asynchronously on the mailing list / elsewhere meanwhile