Meeting minutes
Note -> Today is GDPR's 6th anniversary since publication, and 4th since enforcement. Happy GDPR Day!
Technology Concepts
In the previous meeting, we stopped the discussion where technology concepts were to be re-ordered to better align with the Processing taxonomy. In this meeting, we continue that discussion.
georg: Why separate technology? It would be better to have this written down as explanation / motivation.
Note to write technology extension text specifying: 1) Why we need separation of concepts 2) Relation with Tech/Org Measures 3) Modelling capability vs concept of technology 4) Benefits regarding providing expandable concepts in terms of taxonomy as well as ontological model separate from DPV and 5) Better aligning with sources such as ENISA and ISO
Harsh presents a different structure for the taxonomy
Top concepts `DataTechnology` and `ProcessingTechnology` that represent technologies acting on data and technologies performing or enabling processing
These are further expanded as: Data - (same as processing) DataUseTechnology, DataStorageTechnology, etc. Processing - Application, Device, VM, Server, etc. - anything on which processing happens or takes place.
These two can be combined to specify things such as Server (processing) for Storage (data) as `DataStorageServer`
Service and Product etc. as _market defined terms_ are removed from scope. Instead, the focus is on modelling how these represent a model of utilising technology, i.e. standalone app or software or a subscription that is continous or sporadically used
Terms for actors regarding technology - `TechnologyProvider` for who provides it, `TechnologyDeveloper` for who develops it, `TechnologyUser` for who uses it, `TechnologySubject` for upon whom it is used. These terms are directly related to those defined within the AI Act i.e. AIProvider etc.
The location where a technology is applied or used is separated as the concept `TechnologyLocation` to specify things such as on device, on a server, some specific geographical location
Technologies which provide only an algorithm are specified as `AlgorithmicTechnology` and those that only provide management are `ManagementTechnology`.
A `TechnologicalSystem` is a technology provided as a system e.g. software or app - it is sufficiently complete on its own, `TechnologicalComponent` is a technology provided as a component - e.g. plugin or script or library.
The communication performed by technologies is represented by `CommunicationMechanism` which specifies how technologies communicate e.g. internet connectivity, wifi, bluetooth, etc.
To associate technologies with specific concepts in DPV, e.g. processor or TOMS or actors, the property `relatedTo` is provided as a hint or guidance for where that technology can be useful
georg: In all these, Data Security should be a priority for modelling based on practical needs
julian: PETs (Privacy Enhancing Technologies) should also be modelled
There was a discussion on Data Security vs Data Safety
We discussed technologies based on how security, safety, and risk management is performed.
Current proposal is to have SecurityTechnology with subconcepts for SecurityTech - Detection, Prevention, Mitigation, Monitoring
Where detection refers to identifying vulnerabilities, prevention is preventing those from being exploited, mitigation is reducing impact, and monitoring is identifying if those have taken place
Next Meeting
We will meet again in one week, JUN-01 WED 14:00 CEST
We will continue the discussion on technologies. This proposal will be cleaned up, organised, and shared by Harsh on the mailing list.