12:00:32 <RRSAgent> RRSAgent has joined #dpvcg
12:00:32 <RRSAgent> logging to https://www.w3.org/2022/04/06-dpvcg-irc
12:00:35 <harsh> ScribeNick: harsh
12:00:37 <harsh> Meeting: DPVCG Meeting Call
12:00:39 <harsh> Chair: harsh
12:00:48 <harsh> Date: 06 APR 2022
12:01:34 <harsh> Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2022Apr/0000.html
12:03:52 <harsh> Present: harsh, paul, georg
12:05:21 <harsh> Present+: beatriz
12:07:14 <harsh> Topic: DPV v0.5 published
12:17:09 <harsh> Present+: mark
12:19:32 <harsh> Present+: julian
13:56:31 <harsh> DPV link -> https://w3id.org/dpv/
13:56:41 <harsh> This version contains concepts accepted until 02 APR
13:57:14 <harsh> It also contains the DPV-LEGAL extension -> https://www.w3id.org/dpv/dpv-legal that provides locations as jurisdictions, along with laws and authorities, and models EU-EEA memberships and EU Adequacy decisions
14:30:01 <harsh> Topic: Data Subject Categories
14:34:56 <Zakim> Zakim has left #dpvcg
15:23:20 <harsh> Concepts accepted as subclasses of `DataSubject` -> `Patient`, `Employee`, `Student`, `Citizen`, `NonCitizen`, `Immigrant`, `Tourist`, `Customer`, `Consumer`, `User`, `JobApplicant`, `Visitor`, `Member`, `Applicant`, `Subscriber`, `Client`, `Participant`
15:23:52 <harsh> Concepts discussed and rejected as subclasses of `DataSubject` -> `Trainees`, `ServiceUser`, `WebsiteUser`, `WebsiteVisitor`
15:24:09 <harsh> georg: How to express vulnerability of VulnerableDataSubject?
15:25:09 <harsh> harsh: the vulnerability can be associated using a property e.g. `hasVulnerability` but this is contextual because that vulnerability can only exist in specific use-cases. Additionally, every data subject category has an associated property e.g. _Consumer_ has `hasProvider` as the relation, or _Employee_ has `hasEmployer`
15:25:47 <harsh> harsh: The concepts for vulnerability i.e. properties and specific types of vulnerabilities can be provided as a proposal, and we may decide to put them in an extension
15:26:59 <harsh> Discussion on _Customer_ vs _Consumer_ differences took place, with agreement that they are distinct concepts (i.e. not subclasses of either). Discussion on _Customer_ also being a business-to-business relationship took place, with agreement that the context of its use within DPV as a data subject category is clear.
15:27:49 <harsh> georg: The _Customer_ separation for Data Subject and Organisation type could be handled in a similar manner as that of Legal Roles providing a specific list in Entities taxonomy
15:28:16 <harsh> harsh: Yes, we could add `CustomerOrganisation` as a category in the Organisation type list, but B2B concepts are not in scope for DPV
15:28:50 <harsh> Discussion on similarities between _User_, _Consumer_, and _Subscriber_ took place with agreement that they are distinct.
15:29:15 <harsh> mark: Raised an issue with the use of the word "user" as a term
15:29:38 <harsh> (Due to poor audio connection, the discussion did not complete. Mark is invited to send the objection to the mailing list for discussion)
15:31:04 <harsh> Discussion on _ServiceUser_ being the covered by _User_, and _WebsiteUser_ also similarly being covered by _User_ (as well as _WebsiteVisitor_ being covered by _Visitor_) took place. The agreement to not involve these was reached with the notion that specifying _user_ in some context e.g. personal data handling for a service is sufficient to indicate it refers to users of that service.
15:31:27 <harsh> If there is a need to denote specific users or visitors e.g. of a specific service or a website, then the adopter is required to subclass/instantiate these concepts as necessary.
15:31:40 <harsh> Topic: Technologies
15:32:14 <harsh> We intend to provide an opinionated list by end of April, with a good coverage of the top-level terms. This will be the first version, and iterations can continue to expand it.
15:32:20 <harsh> Proposals for more concepts are invited.
15:32:24 <harsh> Topic: DPV Future
15:33:30 <harsh> The existing wiki page -> https://www.w3.org/community/dpvcg/wiki/DPV_future specifies topics we've decided for DPV v1 to include
15:33:40 <harsh> Discussion took place on topics and involvement of personnel.
15:34:03 <harsh> Harsh is involved in ROPA related concepts along with Paul and Rob, and will be presenting work next week / soon.
15:34:24 <harsh> Harsh is involved in ISO/IEC 27560 consent record and will be presenting a proposal on adding concepts to DPV based on it soon.
15:34:51 <harsh> Harsh and Georg have interest in providing risk assessment and management concepts in general
15:35:54 <harsh> Harsh and Georg will be working on DPIA related concepts based on risk assessment and core requirements
15:39:41 <harsh> Georg and Harsh are interested in adding Data Breach concepts
15:41:15 <harsh> Beatriz and Harsh are interested in working on creating SHACL shapes for providing guidelines on DPV use
15:43:22 <harsh> Beatriz raised the requirement to have mappings with other vocabularies, especially ODRL
15:43:53 <harsh> Georg mentioned exercising Rights e.g. information to be provided for Subject Access Request, or exercising them using specific PDH instances
15:44:17 <harsh> Georg mentioned use of DPV in Controller-Processor or Processor-Processor or Controller-Controller agreements as specifying activities to be conducted
15:45:42 <harsh> rrsagent, publish minutes v2
15:45:42 <RRSAgent> I have made the request to generate https://www.w3.org/2022/04/06-dpvcg-minutes.html harsh
15:45:46 <harsh> rrsagent, set logs world-visible
15:46:56 <harsh> rrsagent, bye
15:46:56 <RRSAgent> I see no action items