11:57:40 <RRSAgent> RRSAgent has joined #dpvcg
11:57:40 <RRSAgent> logging to https://www.w3.org/2021/10/13-dpvcg-irc
11:58:05 <harsh> ScribeNick: harsh
11:58:08 <harsh> Meeting: DPVCG Meeting Call
11:58:48 <harsh> Chair: harsh
11:59:01 <harsh> Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2021Oct/0007.html
11:59:42 <harsh> Date: 13 OCT 2021
12:03:15 <harsh> Present: harsh, paul, georg
12:03:58 <harsh> present+: julian
12:05:55 <harsh> Topic: DPV Personal Data Category naming
12:05:58 <harsh> see https://github.com/w3c/dpv/issues/27
12:07:46 <harsh> Changing PersonalDataCategory to PersonalData --> big change, needs to be taken up with all on mailing list
12:08:05 <harsh> for prefixing or suffixing concepts ; proposal is Historical --> HistoricalData
12:08:40 <harsh> present+: beatriz
12:10:07 <harsh> georg: related to issue regarding whether the naming should also reflect whether something is personal data, after anonymising, etc.
12:11:18 <harsh> paul: what is the origin of these names?
12:13:07 <harsh> harsh: EnterPrivacy taxonomy, and in SPECIAL there were separate vocabs for each concept e.g. personal data category
12:16:14 <harsh> harsh: a better example is perhaps Location as personal data, but also relevant in recipient and data storage where it is a separate concept
12:22:52 <harsh> Two options we have: separate vocabularies - to minimise compatibility issues, we can move just the personal data categories; OR add prefix/suffix to data categories
12:23:01 <harsh> beatriz: both are fine
12:23:08 <harsh> paul: one single vocab would be preferable
12:23:26 <harsh> georg: one single vocab is the selling point / attraction for DPV
12:23:39 <harsh> julian: one view or vocab is preferable
12:28:13 <harsh> We have option to prefix PD as a suggestion
12:28:32 <harsh> georg: Do we limit this to PD or also expand with other requests such as EyeColourDataSensitive?
12:28:41 <harsh> harsh: only for PD, for sensitive we have subclass
12:28:59 <harsh> No objections to prefixing with PD
12:30:08 <harsh> Topic: Should DPV provide Constraints/Permissions/Prohibitions?
12:30:14 <harsh> See https://github.com/w3c/dpv/issues/18
12:30:27 <harsh> See https://github.com/EBISPOT/DUO
12:34:24 <harsh> beatriz: would be better to use ODRL since it has rights and constraints handling by design and purpose
12:34:44 <harsh> harsh: there is value in lightweight concepts, which can be further expressed using ODRL
12:36:47 <harsh> We consider this of interest, and needing further thought. Beatriz will be the technical evaluator to express critique.
12:36:57 <harsh> Topic: Personal data characteristics: collection method (direct, inferred), sensitivity, (pseudo-)anonymisation
12:39:08 <harsh> Collection method (direct, inferred) -> is of interest; propose concepts for review
12:39:38 <harsh> Sensitivity - proposal to have this as subclass of PersonaDataCategory and parent class of SpecialCategories
12:45:38 <harsh> georg: are they the same? see. Rec 10
12:49:23 <harsh> harsh: they should be different, Sensitive is a larger set, e.g. EDPB considers Location as sensitive but it is not Special
12:49:34 <harsh> agreement that Sensitivity can be added to DPV
12:50:08 <harsh> Anonymisation and Pseudo-anonymisation (along with levels, methods) are in interest. As in anonymised and pseudo-anonymised data. To provide concepts for review.
12:50:15 <harsh> Topic: Technology / Implementation details e.g. storage mechanism, use of cookies
12:50:24 <harsh> Agreement that this is of interest, and should be added
12:50:56 <harsh> Proposal is to have a separate concept for technology (or technological implementation) for associating how something else in DPV is implemented e.g. data storage in cloud storage or database
12:51:06 <harsh> Topic: Privacy Policy and related concepts
12:51:23 <harsh> see https://lists.w3.org/Archives/Public/public-dpvcg/2021Oct/0003.html for sources and SotA
12:51:35 <harsh> see https://lists.w3.org/Archives/Public/public-dpvcg/2021Oct/0005.html for spreadsheet with concept proposals by Georg
12:51:49 <harsh> (shared screen by Georg showing mind map of privacy policy concepts)
12:55:38 <harsh> concepts being discussed - publishing data, duration (start and end of effect) can be represented using DCT or DCAT as relevant
13:02:06 <harsh> georg: how to number/identify specific personal data handling instances in a privacy policy
13:02:19 <harsh> We stop the discussion here due to time limits.
13:02:23 <harsh> Topic: Next Meeting
13:02:43 <harsh> We will meet again on WED OCT-27 13:00 WEST / 14:00 CEST
13:02:55 <harsh> Discussion will take place asynchronously on the mailing list / elsewhere meanwhile
13:03:24 <harsh> Agenda for next call will contain continuation of today's discussion on privacy policy concepts
13:03:27 <harsh> zakim, bye
13:03:27 <Zakim> leaving.  As of this point the attendees have been harsh, paul, georg, :, julian, beatriz
13:03:27 <Zakim> Zakim has left #dpvcg
13:03:39 <harsh> rrsagent, publish minutes v2
13:03:39 <RRSAgent> I have made the request to generate https://www.w3.org/2021/10/13-dpvcg-minutes.html harsh
13:03:42 <harsh> rrsagent, set logs world-visible
13:04:25 <harsh> rrsagent, bye
13:04:25 <RRSAgent> I see no action items