21:59:15 <RRSAgent> RRSAgent has joined #dpvcg
21:59:15 <RRSAgent> logging to https://www.w3.org/2022/05/25-dpvcg-irc
21:59:26 <Zakim> Zakim has joined #dpvcg
21:59:30 <harsh> ScribeNick: harsh
21:59:32 <harsh> Meeting: DPVCG Meeting Call
21:59:35 <harsh> Chair: harsh
21:59:44 <harsh> Present: harsh, georg, paul, julian, beatriz
21:59:51 <harsh> Date: 25 MAY 2022
22:00:04 <harsh> Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2022May/0002.html
22:00:54 <harsh> Note -> Today is GDPR's 6th anniversary since publication, and 4th since enforcement. Happy GDPR Day!
22:01:06 <harsh> Topic: Technology Concepts
22:03:20 <harsh> In the previous meeting, we stopped the discussion where technology concepts were to be re-ordered to better align with the Processing taxonomy. In this meeting, we continue that discussion.
22:03:45 <harsh> georg: Why separate technology? It would be better to have this written down as explanation / motivation.
22:05:10 <harsh> Note to write technology extension text specifying: 1) Why we need separation of concepts 2) Relation with Tech/Org Measures 3) Modelling capability vs concept of technology 4) Benefits regarding providing expandable concepts in terms of taxonomy as well as ontological model separate from DPV and 5) Better aligning with sources such as ENISA and ISO
22:05:32 <harsh> Harsh presents a different structure for the taxonomy
22:06:19 <harsh> Top concepts `DataTechnology` and `ProcessingTechnology` that represent technologies acting on data and technologies performing or enabling processing
22:07:02 <harsh> These are further expanded as: Data - (same as processing) DataUseTechnology, DataStorageTechnology, etc. Processing - Application, Device, VM, Server, etc. - anything on which processing happens or takes place.
22:07:34 <harsh> These two can be combined to specify things such as Server (processing) for Storage (data) as `DataStorageServer`
22:08:28 <harsh> Service and Product etc. as _market defined terms_ are removed from scope. Instead, the focus is on modelling how these represent a model of utilising technology, i.e. standalone app or software or a subscription that is continous or sporadically used
22:09:49 <harsh> Terms for actors regarding technology - `TechnologyProvider` for who provides it, `TechnologyDeveloper` for who develops it, `TechnologyUser` for who uses it, `TechnologySubject` for upon whom it is used. These terms are directly related to those defined within the AI Act i.e. AIProvider etc.
22:10:52 <harsh> The location where a technology is applied or used is separated as the concept `TechnologyLocation` to specify things such as on device, on a server, some specific geographical location
22:11:36 <harsh> Technologies which provide only an algorithm are specified as `AlgorithmicTechnology` and those that only provide management are `ManagementTechnology`.
22:12:32 <harsh> A `TechnologicalSystem` is a technology provided as a system e.g. software or app - it is sufficiently complete on its own, `TechnologicalComponent` is a technology provided as a component - e.g. plugin or script or library.
22:13:13 <harsh> The communication performed by technologies is represented by `CommunicationMechanism` which specifies how technologies communicate e.g. internet connectivity, wifi, bluetooth, etc.
22:14:07 <harsh> To associate technologies with specific concepts in DPV, e.g. processor or TOMS or actors, the property `relatedTo` is provided as a hint or guidance for where that technology can be useful
22:14:26 <harsh> georg: In all these, Data Security should be a priority for modelling based on practical needs
22:14:41 <harsh> julian: PETs (Privacy Enhancing Technologies) should also be modelled
22:14:49 <harsh> There was a discussion on Data Security vs Data Safety
22:15:24 <harsh> We discussed technologies based on how security, safety, and risk management is performed.
22:15:41 <harsh> Current proposal is to have SecurityTechnology with subconcepts for SecurityTech - Detection, Prevention, Mitigation, Monitoring
22:16:15 <harsh> Where detection refers to identifying vulnerabilities, prevention is preventing those from being exploited, mitigation is reducing impact, and monitoring is identifying if those have taken place
22:16:28 <harsh> Topic: Next Meeting
22:16:44 <harsh> We will meet again in one week, JUN-01 WED 14:00 CEST
22:17:09 <harsh> We will continue the discussion on technologies. This proposal will be cleaned up, organised, and shared by Harsh on the mailing list.
22:17:11 <harsh> zakim, bye
22:17:11 <Zakim> leaving.  As of this point the attendees have been harsh, georg, paul, julian, beatriz
22:17:11 <Zakim> Zakim has left #dpvcg
22:17:17 <harsh> rrsagent, publish minutes v2
22:17:17 <RRSAgent> I have made the request to generate https://www.w3.org/2022/05/25-dpvcg-minutes.html harsh
22:17:19 <harsh> rrsagent, set logs world-visible
22:18:10 <harsh> rrsagent, bye
22:18:10 <RRSAgent> I see no action items