W3C

– DRAFT –
DPVCG Meeting Call

27 APR 2022

Attendees

Present
beatriz, georg, harsh, julian, mark, nishad, paul
Regrets
-
Chair
harsh
Scribe
harsh

Meeting minutes

Previous minutes

Proposed concepts for Technology

We have several concepts collected and proposed under the Technology extension (namespace dpv-tech). We are now discussing them for sufficiency, design, structuring, etc.

The discussion reached consensus that the current list of terms is inadequate and that several other concepts need to be represented. Proposals for these are welcome.

Some potential sources for finding such terms are: ENISA reports, ISO standards, even Wikipedia entries where there is a list or taxonomy to adopt.

For example, ENISA has a document on Data Protection Engineering that talks about concepts such as data security and encryption: https://www.enisa.europa.eu/publications/data-protection-engineering

Georg has proposed concepts related to plugins (e.g. wordpress plugins), scripts, stylesheets, fonts, etc.

Paul has proposed concepts regarding Encryption at rest, Encryption in transit, Vulnerability scanning, SIEM, Firewalls, Patching, and MFA / 2FA.

Mark has suggested inclusion of concepts associated with tracking and fingerprinting from https://privacytests.org/private.html

In these discussions, the overlap and conflict between Technology and TOMs (Technical/Organisational Measures) is apparent, as the same concept often seems to be duplicated.

Our aim is to avoid duplication where possible. TOMs are 'abstract concepts' that specify a generic principle or concept, whereas the Technology concepts provide specific implementation details for how those are realised.

An example is Encryption, which is a TOM, and then specific kinds of encryption which are technologies.

This needs more introspection and discussion to arrive at clear criteria or an explanation for the separation or relation between the two.

It would be beneficial, for example, to have a real-life product as an instance of Technology, with an annotated list of the TOMs it implements or provides, and vice versa.

In discussion of concepts, the notion of what is a 'Technology' came up, particularly in relation to the concept 'Service' with the argument that it may or may not be a service.

For now, we exclude the Service concept and focus on adding other concepts. The Digital Services Act may provide some reusable definitions for what is a service, or whether to define technology as being restricted to Digital Service.

Next Meeting

We will meet in 1 week on MAY-04 at the usual time slot 14:00 CEST

In the meantime, any updates or resources or proposed concepts should be shared via the mailing list and discussed there.

Minutes manually created (not a transcript), formatted by scribe.perl version 185 (Thu Dec 2 18:51:55 2021 UTC).