20:04:34 RRSAgent has joined #dpvcg 20:04:34 logging to https://www.w3.org/2022/10/19-dpvcg-irc 20:04:37 ScribeNick: harsh 20:04:40 Meeting: DPVCG Meeting Call 20:04:43 Chair: harsh 20:04:53 Present: harsh, georg, paul, beatriz 20:05:01 Date: 19 SEP 2022 20:05:08 Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2022Oct/0005.html 20:05:46 Previous minutes -> https://www.w3.org/2022/10/05-dpvcg-minutes.html 20:06:34 paul: Working on using DPV and DPCat for ROPA-based tools, with a questionnaire to understand uses. Will share with DPVCG when ready for feedback. 20:06:49 Topic: Use-cases, Requirements, and Examples 20:07:06 see email https://lists.w3.org/Archives/Public/public-dpvcg/2022Oct/0003.html 20:09:39 These will be moved to the main repo, along with additional functionality that links examples in the tables for relevant concepts within specs 20:09:50 Topic: Discussion on rules 20:10:07 See previous minutes for reference and overview 20:10:27 georg: Where should the rules be expressed? Does everything (e.g. each PersonalDataHandling) have to be explicitly declared as permission and prohibition? 20:11:54 harsh: Default is that something is permitted which we implicitly are using currently, so we can explicitly say something is not permitted. But for contexts such as recording a decision for consent, you can explicitly denote permissions and prohibitions to reflect what the user has expressed to indicate a complete decision from choices. Though typically a record only contains the decision rather than all choices. 20:12:59 See beatriz's email - https://lists.w3.org/Archives/Public/public-dpvcg/2022Oct/0006.html regarding creating equivalent ODRL policies for rules expressed in DPV 20:13:15 Since there are no specific queries regarding rules, we accept them for inclusion within the spec. 20:13:23 Topic: DPV v1 release 20:14:04 We had invited comments until OCT-15, and we received a few major as well as minor comments. Most have been address (ref. mailing list and GitHub issues), with some still pending - such as dpv-tech and Cloud computing concepts. 20:14:21 However, no issues identified that are 'blocking' the release. 20:15:11 We discussed and set NOV-15 as the date for release, to have it published in time for dissemination before the christmas break and to indicate 'stability' in the current work while continuing to enhance it. 20:16:03 We discussed what is 'missing' from the current set of concepts in DPV, namely - rights, data breaches, and data transfers. We agreed that rather than wait to finish these concepts, we will continue with the v1 release, and add them as per their condition at the time. 20:16:47 For example, if the concepts have been accepted, they will be added while documentation may be pending. If the concepts are still being explored, a note to the effect and their proposed status will be added (e.g. appendix). This is to indicate that while the concepts are not present in the spec, they are being worked upon. 20:17:12 Topic: Exercising Rights 20:17:39 See email - https://lists.w3.org/Archives/Public/public-dpvcg/2022Oct/0004.html regarding concepts representing exercising of rights, responses, status, and provenance of activities. 20:18:16 We will take this up in the next meeting specifically to go over the examples. In this meeting, we discussed the concepts regarding exercising rights. 20:18:57 beatriz has proposed - https://github.com/w3c/dpv/issues/63 to add `RightExemption` as a concept to represent the cases where a right cannot be fulfilled 20:19:59 We discussed and agreed on the term `RightNonFulfilmentJustification` as a type of `Justification` to indicate why a right could not be fulfilled. This is to avoid the phrase "right exemption" which would be interpreted as saying an exemption to providing the right. 20:21:14 In cases where the right cannot be fulfilled, the appropriate status (e.g. RightNotFulfilled) and a justification (i.e. RightNonFulfilmentJustification) would be used. Examples from beatriz's list include (Art.13/Art.14/etc.) - Data subject already has been provided this information, Confidentiality breach, and so on. 20:23:06 Topic: Additional discussion and notes 20:23:47 Systematic and extensive evaluation of personal aspects relating to natural persons - from GDPR's DPIA 35.3a can be a list of SKOS concepts that suggest what other concepts are relevant to interpret this (complex) concept. Need to figure out how to provide such a list. 20:24:00 DPV-PD - adding CriminalOffense as subtype of Criminal 20:24:43 DPV-GDPR - adding Proportionality, SystematicExtensiveEvaluationOfPersonalAspects 20:24:59 Risk - New category of consequences related to ConsequenceOnDataSecurity and new category for ConsequenceForDataSubject and ImpactOnDataSubject 20:25:40 OrgMeasure - new concepts for reviewing validity, effectiveness, etc. - with specific types for ReviewImpactAssessmentConformance and ReviewImpactAssessmentAdequacy ; adding ConsultationWithDataSubjectRepresentative for DPIA 20:26:23 Lawfulness as a specific compliance sub type for legal compliance, with types Lawful, Unlawful, and LawfulnessUnknown ; with variations for GDPR as GDPRLawfulness, GDPRCompliant, and so on 20:26:51 ConformanceStatus as a specific type to indicate conformance (as distinct from compliance), with types Conformant and NonConformant 20:28:09 DPIA outcomes in terms of processing recommendations as DPIARecommendsProcessingContinue and DPIARecommendsProcessingNotContinue 20:28:25 DPIA adherence expressed as DPIAConformity with specific types 20:28:33 Topic: Next Meeting 20:28:52 We will meet again in 1 week, on OCT-26 WED 13:00 WEST / 14:00 CEST 20:29:24 Topics will be continued discussion on rights, with specifically focusing on the examples shared on mailing list and representing GDPR's rights 20:29:29 rrsagent, publish log v2 20:29:29 I'm logging. I don't understand 'publish log v2', harsh. Try /msg RRSAgent help 20:29:37 rrsagent, publish minutes v2 20:29:37 I have made the request to generate https://www.w3.org/2022/10/19-dpvcg-minutes.html harsh 20:29:40 rrsagent, set logs world-visible 20:30:49 \quit 20:30:52 rrsagent, bye 20:30:52 I see no action items