12:50:22 RRSAgent has joined #dpvcg 12:50:22 logging to https://www.w3.org/2021/12/01-dpvcg-irc 12:50:45 ScribeNick: harsh 12:50:47 Meeting: DPVCG Meeting Call 12:50:50 Chair: harsh 12:50:55 Date: 01 DEC 2021 12:51:00 Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2021Nov/0006.html 12:51:12 Present: harsh, fajar 13:01:08 Present+: paul, georg 13:01:23 Present+: julian 13:01:44 Present+: inah 13:05:13 Regrets: beatriz 13:09:25 Topic: Presentation on use of DPV in WellFort Project by Fajar 13:10:20 WellFort is an Austrian project for developing a prototype/early-stage regarding privacy-preserving data analysis with auditability using semantic web 13:10:36 It is a 2 year project involving SBA research and TU Wien 13:11:34 Premise is situations where data is preferred to be stored locally (e.g. on device) to lessen compliance loads/obligations/risks 13:12:26 Stakeholders in system include users who give consent 13:13:02 Requirements are to ensure secure storage for sensitive data, manage consent and contribute to studies while preserving anonymity, and verify how their data is being used and by whom 13:13:42 URL for project info (ERCIM newsletter) https://ercim-news.ercim.eu/en126/special/wellfort-a-platform-for-privacy-preserving-data-analysis 13:14:37 *WellFort Platform* 13:17:20 Users upload the data through the app or service, and give consent. This information is stored in a triplestore. 13:18:41 Analyst can request data categories, based on which the Controller sends queries to retrieve this data based on consent given and by matching the related purposes and personal data handling. 13:20:33 Depending on study, data can be utilised as (fully) anonymised or non-anonymised to be used by the Analyst 13:22:24 inah: 1) Are there any semantics that assist with anonymisation? 2) You mentioned users uploading consent, what does this consent contain/entail e.g. what details? 3) What responsibilities are related from this consent? 13:23:14 fajar: For #1 The platform produces the anonymised data, and we're trying to explore/develop relation between anonymised data and original data with semantics (paraphrased) 13:23:30 fajar: For #2 and #3 we use DPV to represent the consent details 13:24:24 georg: The triplestore also stores consent, which can be queried, and which uses DPV. Is this only based on DPV or are there additions? 13:24:45 fajar: We have extended DPV with DCAT and other attributes for representing relations with the dataset 13:27:26 *Dataset description and Consent metadata* 13:27:46 DCAT is used to represent datasets, and DPV is used to denote what personal data categories are utilised in it. 13:28:44 DPV components used for consent: Personal data categories, Processing, Purpose, Recipient (with extensions like Research Organisation) 13:29:08 For representing expiry, the property expiryTime is additionally created with range xsd:dateTime for specific domains of consent and personal data handling 13:30:04 The existing property hasExpiryTime was not used because it needs use of Time vocabulary whereas this work needed XSD 13:32:24 Consent changes are stored in audit log, and the values changed in-place within the triple store to maintain auditing capabilities with practical considerations 13:33:23 URL for WellFort ontology https://w3id.org/wellfort/ns/dpv 13:34:19 * Consent Checking Mechanisms * 13:34:37 Uses SPECIAL's / Piero's OWL2-PL usage policy checking mechanism 13:35:11 Future work consists of exploring use of PLR reasoning by Piero et al as it is faster 13:37:08 URL for repository with work related to SWJ paper https://gitlab.isis.tuwien.ac.at/wellfort/wellfort-swj 13:37:31 DataSHIELD used for Trusted environment https://datashield.org/ 13:39:27 Suggestion/Question to DPV about updates and best-practices available 13:40:16 * Links * 13:40:37 Paper accepted for publication in Semantic Web Journal http://www.semantic-web-journal.net/system/files/swj2883.pdf 13:40:49 * Q&A * 13:42:06 inah: What are the implications of consent? Such as subject rights. And whether these can be represented using the vocabulary. 13:42:36 fajar: This only models the attributes related to matching data categories 13:43:33 inah: Does the user know the purpose the analyst uses or will use? 13:44:08 fajar: User specifies purpose for "research" and when analyst uses a subclass of research, this is permitted 13:50:40 harsh: consent should be modelled as explicit consent ; we're going to remove the boolean property and instead specify classes for which consent would be instantiated 13:50:51 harsh: purpose should not be vague e.g. research, and should contain more context 13:51:00 georg: how does user withdraw consent and how is this represented ? 13:51:06 fajar: we have not modelled this yet 13:52:36 paul: what is the frequency of data uploads / ingestion? 13:52:47 harsh: do users have to give consent for every data being sent? 13:53:06 fajar: this is set by app e.g. daily runs with its own consent or single consent being referenced 13:57:01 paul: how do different organisations work with this ? do they set up their own instances? 15:05:46 fajar: single platform as it allows different companies, especially SMEs to pool data and resources and get better benefits 15:05:51 zakim, bye 15:05:51 leaving. As of this point the attendees have been harsh, fajar, :, paul, georg, julian, inah 15:05:51 Zakim has left #dpvcg 15:06:00 rrsagent, publish minutes v2 15:06:00 I have made the request to generate https://www.w3.org/2021/12/01-dpvcg-minutes.html harsh 15:06:03 rrsagent, set logs world-visible 15:06:18 rrsagent, bye 15:06:18 I see no action items