IRC log of dpvcg on 2018-09-18

Timestamps are in UTC.

13:51:33 [RRSAgent]

RRSAgent has joined #dpvcg

13:51:33 [RRSAgent]

logging to https://www.w3.org/2018/09/18-dpvcg-irc

13:51:35 [trackbot]

RRSAgent, make logs public

13:51:35 [Zakim]

Zakim has joined #dpvcg

13:51:37 [trackbot]

Meeting: Data Privacy Vocabularies and Controls Community Group Teleconference

13:51:37 [trackbot]

Date: 18 September 2018

13:52:08 [Bert]

agenda: https://www.w3.org/mid/FF0D259C-CCAA-49D6-9AEB-9D259E0832A1@wu.ac.at

13:52:09 [agendabot]

clear agenda

13:52:09 [agendabot]

agenda+ Roll call, select scribe, agenda

13:52:09 [agendabot]

agenda+ Approval of last telcon's minutes:

13:52:09 [agendabot]

agenda+ Go through action items

13:52:09 [agendabot]

agenda+ Harsh's mail on how to structure what we collected so far:

13:52:12 [agendabot]

agenda+ Plan next meeting(s) and revisit timeline.

13:52:14 [agendabot]

agenda+ AOB

13:55:47 [Bert]

chair: Bert

13:56:24 [Bert]

RRSAgent, make minutes v2

13:56:24 [RRSAgent]

I have made the request to generate https://www.w3.org/2018/09/18-dpvcg-minutes.html Bert

13:57:06 [simonstey]

simonstey has joined #dpvcg

13:59:47 [Ramisa]

Ramisa has joined #dpvcg

14:01:03 [Bert]

present+

14:01:36 [AxelPollleres]

AxelPollleres has joined #dpvcg

14:01:39 [simonstey]

present+

14:02:23 [stefano]

stefano has joined #dpvcg

14:02:26 [Bert]

zakim, agenda?

14:02:26 [Zakim]

I see 6 items remaining on the agenda:

14:02:27 [Zakim]

1. Roll call, select scribe, agenda [from agendabot]

14:02:27 [Zakim]

2. Approval of last telcon's minutes: [from agendabot]

14:02:27 [Zakim]

3. Go through action items [from agendabot]

14:02:27 [Zakim]

4. Harsh's mail on how to structure what we collected so far: [from agendabot]

14:02:27 [Zakim]

5. Plan next meeting(s) and revisit timeline. [from agendabot]

14:02:28 [Zakim]

6. AOB [from agendabot]

14:05:01 [Javier]

Javier has joined #dpvcg

14:06:42 [stefano]

do you need to assign me as a scribe?

14:07:08 [Bert]

scribenick: stefano

14:07:48 [stefano]

Bert asks whether there are more items for the agenda, no items added

14:08:13 [simonstey]

+1

14:08:14 [stefano]

No comments on the previous meeting's minutes

14:09:30 [stefano]

action items: action "Add some overview of SPECIAL use case(s)" for Bert is half done

14:09:30 [trackbot]

Error finding 'items'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.

14:09:38 [stefano]

still on progress

14:10:08 [Bert]

close action-9

14:10:08 [trackbot]

Closed action-9.

14:10:41 [stefano]

Action Nr. 9: Axel talked to Stefan Dekker but the action is not concluded yet

14:10:41 [trackbot]

Error finding 'Nr.'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.

14:11:37 [stefano]

About Action 12: Simon has already worked at the requirements templates some weeks ago

14:11:43 [Bert]

action-12?

14:11:43 [trackbot]

action-12 -- Simon Steyskal to Look over requirements template -- due 2018-08-14 -- OPEN

14:11:43 [trackbot]

https://www.w3.org/community/dpvcg/track/actions/12

14:12:13 [simonstey]

https://www.w3.org/community/dpvcg/wiki/Template_for_requirements

14:12:38 [stefano]

The action has been discussed in a previous meeting, unclear why still open

14:13:07 [Bert]

close action-12

14:13:07 [trackbot]

Closed action-12.

14:13:54 [stefano]

About Action 14: Axel still needs to follow up with contact with IEEE 7012

14:14:13 [harsh]

harsh has joined #dpvcg

14:14:59 [stefano]

About Action 17: Axel would like to decide what we want to build a vocabulary for, this is listed in the charter, this would be categories of data, purposes and processing

14:15:34 [stefano]

Axel would like people would clarify their thoughts on these 3 points, since these are core points at least for a start

14:16:04 [stefano]

it would be good to read the use cases in this light, so to categorize it according to the three above-mentioned points

14:16:41 [stefano]

Axel is unsure about what more we need as far as requirements are concerned, more than what we already have or could get from what we have now

14:17:09 [stefano]

also interesting categorisation of Data Controllers, but this is secondary

14:18:24 [simonstey]

is data controller == data processor?

14:18:37 [stefano]

No, it is different

14:20:26 [simonstey]

+q

14:20:58 [stefano]

Stefano proposes to add storage location, security and time of storage

14:21:08 [Bert]

ack sim

14:22:36 [stefano]

Simon asks whether we want to talk about data processors as well

14:23:39 [simonstey]

https://www.gdpreu.org/the-regulation/key-concepts/data-controllers-and-processors/

14:24:40 [stefano]

Axel proposes to close the list of categories and start examining the use cases

14:25:48 [stefano]

About Action 18: Stefano had a look at one use case from Mydata but more work needs to be done

14:26:29 [Bert]

close action-22

14:26:29 [trackbot]

Closed action-22.

14:26:59 [stefano]

Action 22: Nobody is going to the conference from the DECODE project

14:26:59 [trackbot]

Error finding '22'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.

14:27:59 [AxelPollleres]

PROPOSED: This is the initial requirements we want to cover in DPVCG

14:27:59 [AxelPollleres]

* GDPR Terminology:

14:28:01 [AxelPollleres]

* agreed definition data controller

14:28:02 [AxelPollleres]

* agreed definition data processor

14:28:04 [AxelPollleres]

* agreed definition data recipient

14:28:05 [AxelPollleres]

* agreed definition data subject

14:28:07 [AxelPollleres]

* We want to define hierarchical taxonomies (backed by use cases) of

14:28:08 [AxelPollleres]

* categories of personal data

14:28:10 [AxelPollleres]

* (personal data handling) purposes

14:28:11 [AxelPollleres]

* processing categories

14:28:13 [AxelPollleres]

* categories of data controllers, processors, recipients (optional)

14:28:14 [AxelPollleres]

* storage locations

14:28:15 [AxelPollleres]

* security measures

14:28:16 [AxelPollleres]

* storage duration

14:29:58 [harsh]

+q

14:30:05 [Bert]

ack har

14:30:28 [harsh]

no audio :(

14:30:34 [harsh]

I'll type instead

14:31:05 [harsh]

Should we be comprehensive about ALL terms in the context of GDPR compliance? e.g. data source, consent & how it was given, etc.

14:31:06 [stefano]

Javier: In Vienna there was a comment about anonymisation of personal data

14:31:23 [AxelPollleres]

s/security measures/security measures (incl. e.g. anonymisation "levels")

14:31:47 [stefano]

This might be included in the security category

14:33:21 [stefano]

Pseudoanonymisation is explicitly mentioned as security measure in the GDPR

14:34:26 [AxelPollleres]

q+

14:34:35 [Bert]

ack ax

14:34:48 [stefano]

Stefano: consent should be covered for GDPR

14:35:30 [stefano]

Axel: we need to formalise consent, this is the reason why he proposed the categories already mentioned

14:35:56 [stefano]

Stefano: I think we can start with what Axel proposes

14:36:49 [AxelPollleres]

Axel: I'd be happy to take it from there if we think that this list is not enough to formalize consent (happy to open an issue for that along with the proposal

14:38:10 [stefano]

Harsh proposes to have a different section on the discussion regarding terms such as consent, to have a place where the different meaning are listed so they can be referred back to

14:38:25 [stefano]

This section would be on the wiki

14:39:24 [stefano]

Harsh is willing to start this section

14:40:24 [stefano]

ACTION to Harsh: create a section about different terms on the wiki

14:40:24 [trackbot]

Error finding 'to'. You can review and register nicknames at <https://www.w3.org/community/dpvcg/track/users>.

14:41:26 [stefano]

SImon: we can explicitly indicate that the list could be expanded in the future

14:41:54 [AxelPollleres]

PROPOSED: This is an initial non-comprehensive list of GDPR Terminology terms, we want to define/agree upon in DPVCG (we might extend this list upon additional proposals):

14:41:55 [AxelPollleres]

* agreed definition data controller

14:41:56 [AxelPollleres]

* agreed definition data processor

14:41:58 [AxelPollleres]

* agreed definition data recipient

14:41:59 [AxelPollleres]

* agreed definition data subject

14:41:59 [AxelPollleres]

* agreed definition consent

14:42:11 [simonstey]

+1

14:42:13 [AxelPollleres]

+1

14:42:18 [harsh]

+1

14:42:34 [stefano]

+1

14:42:36 [harsh]

q+

14:42:39 [Bert]

+1

14:42:39 [AxelPollleres]

+1

14:42:48 [Ramisa]

+1

14:42:49 [Bert]

ack ha

14:43:58 [stefano]

harsh: should compliance be included? Axel: the notion should be put in a separete proposal

14:44:04 [stefano]

harsh: should compliance be included? Axel: the notion should be put in a separate proposal

14:44:36 [Javier]

+1

14:44:48 [AxelPollleres]

RESOLVED: This is an initial non-comprehensive list of GDPR Terminology terms, we want to define/agree upon in DPVCG (we might extend this list upon additional proposals):

14:44:48 [AxelPollleres]

* agreed definition data controller

14:44:50 [AxelPollleres]

* agreed definition data processor

14:44:51 [AxelPollleres]

* agreed definition data recipient

14:44:52 [AxelPollleres]

* agreed definition data subject

14:44:53 [AxelPollleres]

* agreed definition consent

14:45:00 [AxelPollleres]

PROPOSED: We want to the define the following hierarchical taxonomies (backed by use cases), where again we might extend this list upon additional proposals):

14:45:01 [AxelPollleres]

* categories of personal data

14:45:02 [AxelPollleres]

* (personal data handling) purposes

14:45:04 [AxelPollleres]

* processing categories

14:45:05 [AxelPollleres]

* categories of data controllers, processors, recipients (optional)

14:45:07 [AxelPollleres]

* storage locations

14:45:08 [AxelPollleres]

* security measures (including e.g. anonymisation "levels", pseudonymisation)

14:45:09 [AxelPollleres]

* storage duration

14:45:10 [AxelPollleres]

+1

14:45:14 [harsh]

+1

14:45:18 [simonstey]

+1

14:45:19 [Javier]

+1

14:45:24 [Ramisa]

+1

14:45:25 [stefano]

+1

14:45:35 [Bert]

+1

14:45:58 [AxelPollleres]

RESOLVED: We want to the define the following hierarchical taxonomies (backed by use cases), where again we might extend this list upon additional proposals):

14:45:59 [AxelPollleres]

* categories of personal data

14:46:00 [AxelPollleres]

* (personal data handling) purposes

14:46:02 [AxelPollleres]

* processing categories

14:46:03 [AxelPollleres]

* categories of data controllers, processors, recipients (optional)

14:46:04 [AxelPollleres]

* storage locations

14:46:05 [AxelPollleres]

* security measures (including e.g. anonymisation "levels", pseudonymisation)

14:46:06 [AxelPollleres]

* storage duration

14:46:31 [stefano]

+q

14:46:40 [Bert]

ack ste

14:47:50 [harsh]

+q

14:47:57 [Bert]

ack ha

14:48:26 [stefano]

Stefano: compliance is not something that you can self-assess and assign to your case

14:49:01 [stefano]

Harsh: some terms related to compliance such as transparence could be relevant to the group

14:49:57 [stefano]

Axel: we need to define what needs to be defined in a machine-readable manner, for his minimalistic view this is not needed at this stage, but if there is a use case for it it can be included

14:50:30 [stefano]

harsh: data subject rights are important, should this be included?

14:50:48 [stefano]

q+

14:51:58 [AxelPollleres]

ISSUE: do we need to formulate a notion of compliance in scope of the CG?

14:51:59 [trackbot]

Created ISSUE-2 - Do we need to formulate a notion of compliance in scope of the cg?. Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/2/edit>.

14:52:17 [AxelPollleres]

ISSUE: do we want to revisit a definition of "GDPR rights" in our definitions and taxonomies?

14:52:17 [trackbot]

Created ISSUE-3 - Do we want to revisit a definition of "gdpr rights" in our definitions and taxonomies?. Please complete additional details at <https://www.w3.org/community/dpvcg/track/issues/3/edit>.

14:52:28 [Bert]

ack stef

14:53:27 [simonstey]

q+

14:54:00 [AxelPollleres]

stefano: e.g. right to be forgotten, how can it be executed/enforced

14:54:34 [Bert]

ack sim

14:55:35 [stefano]

Simon: there could be ways to express already rights for example in terms of permissions using e.g. ODRL

14:55:48 [Bert]

q?

14:57:28 [stefano]

Javier: how do you want to collect the different items, one per page? Axel: we could think in terms of questions, that should be answered per use case, and give us a start

14:57:36 [harsh]

q+

14:57:45 [AxelPollleres]

Axel: need to run ... I would like to talk about next time on in how far in our use cases we have collected so far cover the aspects we have now agree upon, in terms of concrete questions that should be answred per use case.

14:57:55 [Bert]

ack har

14:58:13 [stefano]

harsh: suggestion for having a small example to get people started

14:58:19 [stefano]

Axel will try to do so

14:58:53 [AxelPollleres]

ACTION: Axel to formulate a use case to exemplify what I proposed today :-) (categorization along the categories and terminology we agreed upon today)

14:58:53 [trackbot]

Created ACTION-24 - Formulate a use case to exemplify what i proposed today :-) (categorization along the categories and terminology we agreed upon today) [on Axel Polleres - due 2018-09-25].

14:59:13 [AxelPollleres]

needed to run, sorry

14:59:17 [AxelPollleres]

thanks all!

14:59:47 [stefano]

Bert ask whether there are more points to discuss, but this is it for today, next call in 2 weeks

15:00:19 [harsh]

thank you && good day : )

15:00:25 [Ramisa]

Thanks

15:05:24 [AxelPollleres]

AxelPollleres has joined #dpvcg

15:14:44 [AxelPollleres]

AxelPollleres has joined #dpvcg

15:28:05 [AxelPollleres]

AxelPollleres has joined #dpvcg

15:40:46 [AxelPollleres]

AxelPollleres has joined #dpvcg

15:44:44 [AxelPollleres]

AxelPollleres has joined #dpvcg

15:54:22 [AxelPollleres]

AxelPollleres has joined #dpvcg

16:05:13 [AxelPollleres]

AxelPollleres has joined #dpvcg

16:29:58 [AxelPollleres]

AxelPollleres has joined #dpvcg

16:37:13 [AxelPollleres]

AxelPollleres has joined #dpvcg

16:43:55 [harsh]

harsh has joined #dpvcg

16:44:13 [AxelPollleres]

AxelPollleres has joined #dpvcg