Meeting minutes
Discussion on proposals
(harsh joined later at 14:30 CEST)
The group (paul,georg,beatriz,nishad) discussed proposals for DPIA, Rights, Risks and Rules. They agree that this is of interest and should be taken into scope. Regarding Rules, there is consensus on providing "high level concepts" without creating too much of an overlap with ODRL.
Decisions
The *DPIA concepts* will be in a separate extension, preferably under dpv-gdpr to acknowledge that DPIAs are part of GDPR. In the future, this can be extended with other forms of privacy or data protection impact assessments in the same or different extension.
The *Risk concepts*, which are also required in DPIA, will be a separate extensions as risks will also be needed in other assessments and processes including those that are not in scope of DPVCG. This will be a separate extension under DPV (rather than DPV-GDPR). The focus will be to provide a lightweight model for associating and expressing risk information, based on relevant and recent ISO standardisation.
The *Rights concepts*, which currently include the EU Charter of Fundamental Rights, will be provided as a vocabulary for convenience - similar to the NACE taxonomy. It will be a collection of any and all legally accepted/provided rights, not necessarily limited to privacy and data protection. However, the group will focus on those that are immediately relevant to scope and participant interests, while invitations for adding any other form of
rights, e.g. from a different jurisdiction, are welcome and suggested. The rights will be expressed according to where they are defined or recognised, for e.g. clearly indicating "EU" + "fundamental" rights within the vocabulary. We do not seek to create philosophical models of what rights are supposed to be, but only provide concepts relevant e.g. to state an impact to them.
The DPIA and/or risks vocabulary can provide specific risks and mitigations as appropriate and available.
Next Meeting
We will meet again in a week, on 29 JUN 13:00 WEST / 14:00 CEST.