W3C

– DRAFT –
DPVCG Meeting Call

18 AUG 2022

Attendees

Present
georg, harsh, julian, paul
Regrets
-
Chair
harsh
Scribe
harsh

Meeting minutes

Presentation of DPV at SEMANTiCS

See email https://lists.w3.org/Archives/Public/public-dpvcg/2022Aug/0003.html for outline of presentation

Harsh will be presented DPV at SEMANTiCS conference industry track on SEP-14 10:30

Review of updated consent and documentation

See email https://lists.w3.org/Archives/Public/public-dpvcg/2022Aug/0002.html

Concepts and documentation has been updated for existing DPV modules as well as new modules and extensions - rights, consent, risk

Regarding consequences, the concept `ImpactToRights` will have two specialisations regarding Preventing Exercising of Right and Violation of Right.

Adding standards and guidelines for DPV concepts

See email https://lists.w3.org/Archives/Public/public-dpvcg/2022Jul/0004.html

The group agrees that such provision of standards and guidelines associated with DPV's concepts would be useful

The focus would be on ISO standards and relevant guidelines e.g. DPAs, EDPB, etc.

For starting this work, the scope would be to provide a simple listing as proposed in the email and enable contribution e.g. provide some fields that can be populated in a spreadsheet and automated to generate documentation.

The use of these collected information would be to generate different views or documentations, e.g. for a given DPV concepts - what standards and guidelines are relevant; or list of standards and guidelines and what DPV concepts they relate to

Exercising Rights

georg: There is a need for specifying how rights are exercised, where to exercise them, what is provided and what is required. The DPAs would also like to see this implemented.

These can include information about how Subject Access Requests are provided, responded to, etc. The necessary information needed for this is in addition to descriptions of processing - which existing DPV concepts are related to.

One way to implement these is to provide a rights specific vocabulary within the `rights` extension that currently provides EU fundamental rights. This vocabulary can relate to describing how a right is to be exercised or availed of, what information is needed to do so, what information is provided in a response.

The implementation of specific rights, e.g. GDPR's data portability - will be in specific extensions - in this case dpv-gdpr

This can be additional concepts within dpv-gdpr, or guidance on how to implement rights through dedicated pages such as the one to be provided for DPIA

georg: GDPR's Art.10 related to legal basis for public institutions should be added to dpv-gdpr

The concept A10 has been proposed to be added to dpv-gdpr

Next Meeting

We will meet again in one week, AUG-24 13:00 WEST / 14:00 CEST

Minutes manually created (not a transcript), formatted by scribe.perl version 192 (Tue Jun 28 16:55:30 2022 UTC).