11:57:51 <RRSAgent> RRSAgent has joined #dpvcg
11:57:51 <RRSAgent> logging to https://www.w3.org/2022/03/30-dpvcg-irc
11:57:54 <harsh> ScribeNick: harsh
11:57:56 <harsh> Meeting: DPVCG Meeting Call
11:58:00 <harsh> Chair: harsh
11:58:13 <harsh> Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2022Mar/0021.html
11:58:19 <harsh> Date: 30 MAR 2022
11:59:21 <harsh> Regrets: georg
12:04:33 <harsh> Present: paul, beatriz, harsh, mark
12:08:06 <harsh> Topic: Consequence and Impact concepts
13:04:20 <harsh> Last week we discussed concepts related to Consequences and Impacts, see minutes -> https://www.w3.org/2022/03/23-dpvcg-minutes.html
13:04:34 <harsh> No further comments or objections on acceptance of those
13:05:16 <harsh> Regarding Negative Impacts i.e. Harms, the proposal is to distinguish 'Damage' with further specification as 'Material' and 'Non-Material' given their importance in legal proceedings and investigations.
13:06:24 <harsh> Regarding Consequence, we currently have distinction between consequences arising from success or failure of a context. In cases where neither is applicable, i.e. consequence happens in due course of something without it being intended directly, the proposal is to specify this as `ConsequenceAsSideEffect`.
13:06:57 <harsh> These concepts were discussed and accepted. The concepts related to risk and consequences have been structured in to a _Risk_ module in the documentation.
13:07:45 <harsh> mark: For consequence as side effect, would this be useful to denote consequence of data stored in another country -> yes, it can be used for that with further extensions/specific expression
13:08:08 <harsh> Topic: Extension for Jurisdictions, Laws, and DPAs
13:09:53 <harsh> The proposal (FEB-24) https://lists.w3.org/Archives/Public/public-dpvcg/2022Feb/0006.html suggested a separate extension (`dpv-tech`) providing locations (e.g. countries) as jurisdictions with links to relevant laws and DPAs.
13:10:17 <harsh> The data is here https://github.com/coolharsh55/dpv-x/tree/master/dpv-juris and had the review period until MAR-31
13:11:25 <harsh> As of now, it contains all countries (based on ISO and UN lists), EU memberships (EU27 and EU28), and expression of GDPR and its applicability in terms of being linked to each of the enforced areas as applicable law, and the relevant Data Protection Authority for each jurisdiction (including German Federal States).
13:12:44 <harsh> The term _juris_ has an issue in terms of being also used by several law-related firms and companies. To avoid this, we rename this to `dpv-legal`.
13:12:47 <harsh> These concepts were discussed and accepted. They will be published as "Extension for Jurisdictions, Laws, and Authorities" with prefix `dpv-legal`.
13:13:36 <harsh> For further expansion, we welcome proposals and contributions. Contributors who wish to expand this data can provide their input by referring to existing data e.g. similar country, law, or authority structure.
13:14:05 <harsh> Contributors can utilise the existing list of sources https://github.com/coolharsh55/dpv-x/blob/master/dpv-juris/sources.md to add more concepts/data to this extension.
13:14:17 <harsh> Topic: Extension for Technologies
13:14:34 <harsh> See https://lists.w3.org/Archives/Public/public-dpvcg/2022Mar/0010.html for proposal regarding modelling technologies
13:15:11 <harsh> There is no existing ready-to-adopt list/hierarchy that we can use. Therefore this proposal is opinionated and is based on common use of technologies e.g. for storage, processing, etc.
13:15:53 <harsh> In this, there is an overlap between the technologies and technical measures. This is resolved as follows. The technical measures as a theoretical or abstract notation for a measure/process that is used to secure/safeguard data. A technology is the implementation that achieves this.
13:16:49 <harsh> There will be overlaps between both, e.g. security can be both technology and technical measure based on what is being done. In this case, it is fine to define them as both, though ideally it would be beneficial to separate them to indicate distinction between a measure and an implementation.
13:17:25 <harsh> paul: So would the pseudo-anonymisation algorithm used be a technology or a technical measure?
13:17:51 <harsh> harsh: The algorithm itself would be the measure, but its a theoretical measure, but its implementation would be a technology e.g. in some system or as code.
13:18:31 <harsh> We welcome contributions for the more technologies.
13:18:35 <harsh> Topic: Data Subject Categories
13:20:40 <harsh> We have a list of proposed data subject categories. Of these, the proposal is to select those that are common and useful to lots of use-cases, and provide them in DPV.
13:21:24 <harsh> Examples include - Adult, Patient, Employee, Citizen, Consumer and so on.
13:22:50 <harsh> We have discussed acceptance of - `NaturalPerson` as the parent concept of other data subject concepts, `Adult` as the counter to `Child`, `Patient`, `Employee`, `Student`, `Citizen`, `NonCitizen`, `Immigrant`.
13:23:03 <harsh> We have discussed non-acceptance of - `Tourist`
13:23:21 <harsh> We have discussed more discussions needed regarding `Customer` and `Consumer` and the distinction between these two
13:23:28 <harsh> Topic: Next Meeting
13:23:44 <harsh> We will continue discussion on proposed concepts regarding technologies and data subjects in the next meeting.
13:23:55 <harsh> It will take place on APR-06 14:00 CEST.
13:23:58 <harsh> zakim, bye
13:23:58 <Zakim> leaving.  As of this point the attendees have been paul, beatriz, harsh, mark
13:23:58 <Zakim> Zakim has left #dpvcg
13:24:05 <harsh> rrsagent, publish minutes v2
13:24:05 <RRSAgent> I have made the request to generate https://www.w3.org/2022/03/30-dpvcg-minutes.html harsh
13:24:08 <harsh> rrsagent, set logs world-visible
13:24:28 <harsh> rrsagent, bye
13:24:28 <RRSAgent> I see no action items