14:54:20 RRSAgent has joined #dpvcg 14:54:24 logging to https://www.w3.org/2024/07/16-dpvcg-irc 14:54:46 gb has joined #dpvcg 14:55:00 Scribe: harsh 14:55:03 repo: w3c/dpv 14:55:03 OK. 14:55:06 gb, harsh is coolharsh55 14:55:06 harsh, I already had that GitHub account for harsh 14:55:13 Meeting: DPVCG Meeting Call 14:55:18 Present: harshPandit, tyttiRintamaki, julianFlake, delaramGolpayegani, beatrizEsteves 14:55:22 Date: 16 JUL 2024 14:55:26 Agenda: https://www.w3.org/events/meetings/0f0fbb7f-df36-4325-b39b-60e0eac5c8b7/20240717T140000/ 14:55:31 Meeting minutes: https://w3id.org/dpv/meetings 14:55:35 purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-07-16 14:55:51 Topic: Interpretation of Process 14:56:03 \ See https://lists.w3.org/Archives/Public/public-dpvcg/2024Jul/0006.html 14:56:20 harsh: the email is asking about interpretation of e.g. multiple purposes and multiple data categories occuring in the same process. Interpretation should be all purposes apply to all data categories. To indicate separation i.e. some purposes apply to some data categories, nested processes should be used for separation. E.g. if we want to model a process X which specifies PurposeA applies to Data1, PurposeB applies to Data1 and Data 2, then we will 14:56:20 have process X with nested process X1 for PurposeA and Data1, and X2 for PurposeB and Data1 and Data2. 14:57:51 julianFlake: it would be better to have a property to associate the concepts e.g. purpose, personal data and so on 14:58:17 harsh: we shouldn't have additional properties as we would have to create too many of them e.g. for legal basis and processing 14:58:45 harsh: suggestion is to use nested processes to create units who meaning is based on combination of concepts present in the process 15:00:05 julian: so we would have subprocesses where a process has another process within itself where the subprocesses are processes in their own context 15:03:49 TallTed has joined #dpvcg 15:11:39 julian: this was discussed earlier at some point as well? 15:12:01 harsh: yes, we discussed this and this is the interpretation we have in the examples but it isn't explicitly spelled out 15:12:13 \ discussed - agreed, and add note to the specification explaining this interpretation of processes 15:12:19 Topic: Planning next release 15:12:28 \ see https://github.com/w3c/dpv/milestone/5 for list of issues 15:12:53 \ using github projects to discuss issues https://github.com/users/coolharsh55/projects/4/ 15:14:21 Subtopic: workflow management 15:14:24 #148 15:14:25 https://github.com/w3c/dpv/issues/148 -> CLOSED Issue 148 switch to Gitflow workflow for repo management (by coolharsh55) [help-wanted] [code] [review] 15:15:00 harsh: the workflow going ahead will be based on gitflow where we have a main branch representing the stable work, a dev branch, and then feature branches 15:15:46 harsh: we put things on the main branch after they have been agreed or approved, and we use dev branch to show and discuss things while they are in development, and for individual or separate works we use feature branch e.g. diagrams by julian 15:16:37 harsh: we have 2.1-dev as the current development release based on https://semver.org/ best practices which suggest using a version number instead of just the label dev. We can change the development version number later if desired e.g. 3.0 for a major change. 15:16:49 \ we agreed on this workflow, and closed the issue 15:21:41 Subtopic: archiving DPV 15:21:44 #45 15:21:45 https://github.com/w3c/dpv/issues/45 -> CLOSED Issue 45 Preserving older versions of DPV and other resources (by coolharsh55) [release] 15:22:11 harsh: we have currently dpv deposited in LOV though waiting for extensions to be accepted, and then we have it on Zenodo. Anywhere else to deposit it? 15:22:20 \ no venues identified, issue marked as completed 15:23:27 Subtopic: diagrams for v2 15:23:46 julian: no further updates - all diagrams are present, some minor diagrams being tested out but nothing pending for the specs 15:24:09 harsh: then we can mark this as done as the issue was about updating existing diagrams for v2 - we can continue working on more diagrams in general 15:24:13 #166 15:24:13 https://github.com/w3c/dpv/issues/166 -> CLOSED Issue 166 Update diagrams for v2 (by coolharsh55) [WIP] [docs] [review] 15:24:22 \ issue marked as completed 15:25:54 Subtopic: low priority 15:25:59 #171 15:26:00 https://github.com/w3c/dpv/issues/171 -> Issue 171 Provide consolidated list of legal basis, rights, and other relevant concepts for each jurisdiction (by coolharsh55) [rights] [todo] [legal] 15:26:28 harsh: this was a suggestion from beatriz to provide all legal basis, rights, etc. from laws within a jurisdiction in one place - do we need this? 15:26:39 julian: what would this mean in terms of implementation? sounds confusing 15:27:20 harsh: it would allow something like what we have on the legal page https://w3c.github.io/dpv/2.0/legal/ where we can see different laws and authorities across jurisdictions in one place - just for convenience as the concepts are still declared in their respective namespaces 15:27:30 beatriz: would be useful - but not essential 15:27:49 \ marked as low priority 15:27:57 #36 15:27:57 https://github.com/w3c/dpv/issues/36 -> Issue 36 Expressing preferred policies or templates (by csarven) [help-wanted] [question] 15:28:32 harsh: this was the issue about associating a policy or indicating a preferred one - recent discussion there about interpretation of policies to identify preference / outcome. 15:28:57 beatriz: this is ongoing work in ODRL CG so we should wait for that work to be completed and then build / integrate on it. 15:30:46 Note #36 this is related to ongoing work in ODRL CG - therefore we will wait for that work and reuse / integrate it here 15:30:48 Added -> comment https://github.com/w3c/dpv/issues/36#issuecomment-2231238645 15:31:02 \ issue assigned to beatriz to follow up on 15:32:11 #160 15:32:12 https://github.com/w3c/dpv/issues/160 -> Issue 160 Contributors should reference Agents, not a string literal list of authors (by jeswr) [todo] [docs] [code] 15:32:40 harsh: this is good practice but is not essential, though the amount of code change is substantial as both RDF generation and HTML generation code has to be changed 15:32:51 #147 15:32:52 https://github.com/w3c/dpv/issues/147 -> Issue 147 Create extension EU NIS2 (by coolharsh55) [WIP] [help-wanted] [eu-nis2] 15:32:57 #137 15:32:57 https://github.com/w3c/dpv/issues/137 -> Issue 137 Move code for document/minute generation to another branch (by coolharsh55) [code] 15:33:45 harsh: this proposal (issue 137) is about moving the code folder from the repo main branch into a separate branch so the main branch only contains the outputs and people aren't looking at the csv we use as inputs - not essential 15:34:01 #82 15:34:02 https://github.com/w3c/dpv/issues/82 -> Issue 82 Provide vocabulary to specify purposes and permissions related to AI training (by scottkellum) [help-wanted] [proposal] [AI] 15:34:17 harsh: this was related to providing a way to indicate AI training should not happen on a website 15:34:23 beatriz: would be relevant for ODRL work 15:34:33 delaram: we had the AI ODRL profile that could be relevant here 15:34:58 harsh: realistically, this would be best placed within schema.org - so we identify the concepts and relations and can make a proposal there 15:35:03 #24 15:35:04 https://github.com/w3c/dpv/issues/24 -> Issue 24 Programmatic generation of documentation diagrams (by coolharsh55) [todo] [docs] [help-wanted] 15:35:22 julian: not trivial as diagrams need some control over what concepts are used to produce the diagrams 15:35:30 #139 15:35:30 https://github.com/w3c/dpv/issues/139 -> Issue 139 Provide a 404 page for DPV (by coolharsh55) [todo] [docs] [code] [good first issue] 15:35:42 harsh: trivial and easy to do - will do it at some point when I'm bored and have a bit of time 15:35:48 #26 15:35:49 https://github.com/w3c/dpv/issues/26 -> Issue 26 DPV-ISO providing concepts from ISO terminology and standards (by coolharsh55) [proposal] 15:36:10 harsh: this is related to creating a new ISO extension representing mappings from DPV concepts to ISO terminology e.g. PII and PersonalData and so on. 15:36:26 harsh: also involves creating a vocabulary to represent standards and linking them to DPV concepts e.g. 27560 is for consent records 15:36:48 harsh: would be also helpful to represent specific standards and then use these e.g. indicate which are harmonised standards in the eu extension 15:37:04 beatriz: there is a standard associated with IDSA architecture that is being made an ISO standard 15:37:19 julian: think that is based on an older DIN / German standard - interested in that 15:37:43 harsh: its better to open a separate dedicated issue for that - as this issue is about the ISO extension and mapping of concepts 15:37:47 #129 15:37:48 https://github.com/w3c/dpv/issues/129 -> Issue 129 Move content from W3C wiki to Github wiki, and close W3C wiki (by coolharsh55) [scope] [WIP] [docs] 15:38:04 harsh: easy to do - will be done over time by anyone 15:38:08 #114 15:38:09 https://github.com/w3c/dpv/issues/114 -> Issue 114 In 27560-records, how to identify the latest consent state? (by coolharsh55) [guide] 15:38:19 harsh: this had a bit of discussion but no conclusion - any solutions? 15:38:53 beatriz: this is relevant to work here in Gent, can have a student who will work on this. Also spoke with OSLO folks who have consent vocabulary 15:39:18 \ assigned to beatriz to follow up on 15:39:30 Subtopic: medium priority 15:39:34 #135 15:39:34 https://github.com/w3c/dpv/issues/135 -> Issue 135 Add biometric categories to Personal Data extension (by coolharsh55) [todo] [help-wanted] [personal-data] [good first issue] 15:39:51 harsh: this refers to adding more categories to PD - are there any in AI Act or in DPIA work? 15:40:00 delaram: AI Act mentions some biometrics but no specific list is given 15:40:16 tyttiRintamaki: nothing in DPIA analysis either 15:40:29 harsh: then we will keep this open to get the list of concepts and add them 15:40:34 #138 15:40:35 https://github.com/w3c/dpv/issues/138 -> Issue 138 Add CIA model to Tech/Org measures (by coolharsh55) [todo] [help-wanted] [dpv] 15:41:16 harsh: CIA model refers to infosec where we have Confidentiality, Integrity, and Availability. Having the tech/org measures specifically categorised to one or more of these categories would help select the correct concept. 15:41:36 harsh: data breaches are also categorised along the same concepts - so the cause can be expressed as a lack of some specific category measure 15:41:53 \ accepted the work is relevant 15:42:12 Note #138 work has been accepted and will be started in next version 15:42:13 Added -> comment https://github.com/w3c/dpv/issues/138#issuecomment-2231264788 15:42:30 Note #135 identify what categories are present and add them to PD 15:42:31 Added -> comment https://github.com/w3c/dpv/issues/135#issuecomment-2231265411 15:42:53 Note #114 beatriz to follow up on this from local implementation 15:42:54 Added -> comment https://github.com/w3c/dpv/issues/114#issuecomment-2231266151 15:43:35 #94 15:43:35 https://github.com/w3c/dpv/issues/94 -> Issue 94 Represent Datasheets and Model Cards with DPV (by coolharsh55) [todo] [help-wanted] [AI] 15:43:47 \ assigned to delaram 15:44:01 harsh: this is about taking datasheets and model cards and seeing how to represent them using DPV 15:44:16 delaramGolpayegani: what is the extent of this work? does it start from zero? 15:44:49 harsh: no, we had two EMILDAI students last year who did a mapping from GDPR to fields from these which can be used to which DPV concepts apply and which are needed. Then it will lead to a better version of datasheets and model cards. 15:48:13 #43 15:48:13 https://github.com/w3c/dpv/issues/43 -> Issue 43 Declaring additional axioms for DPV-OWL (by coolharsh55) [help-wanted] [owl] 15:48:43 harsh: would be good to have some assertions e.g. properties are functional or transitive, with more complex assertions stating combinations for subclasses 15:48:46 \ no takers so far 15:48:57 #31 15:48:57 https://github.com/w3c/dpv/issues/31 -> Issue 31 Mappings from DPV to other vocabularies (by coolharsh55) [todo] [help-wanted] 15:49:12 harsh: for ODRL there is a separate issue, so for the other vocabularies what do we need to do? 15:49:22 beatriz: interested in PROV as that is relevant to work here 15:49:26 \ assigned to beatriz 15:49:47 julian: is gist actually used or useful as it is listed here? 15:49:58 beatriz: it provides more details about organisations that is not present in DPV 15:50:07 harsh: an adopter requested it, so we added it to the list 15:50:22 #75 15:50:23 https://github.com/w3c/dpv/issues/75 -> Issue 75 Reuse/Refer to EUROVOC concepts for EU's fundamental rights (by coolharsh55) [rights] [WIP] [help-wanted] [eu-rights] 15:50:49 harsh: this is straightforward to do as it will require providing a link to the eurovoc concept 15:50:54 #89 15:50:55 https://github.com/w3c/dpv/issues/89 -> Issue 89 Multi-lingual labels and descriptions for concepts (by coolharsh55) [todo] [docs] [help-wanted] [code] 15:51:22 harsh: this requires a bit of work, already started on this for v2 but stopped as we didn't have enough manual reviews - will have this for 2.1 15:51:27 #130 15:51:27 https://github.com/w3c/dpv/issues/130 -> Issue 130 Alignment with ODRL (by besteves4) [scope] [WIP] [help-wanted] 15:51:42 beatriz: this is of interest to ODRL CG as well, aim to get this done in the next release 15:52:00 Subtopic: High priority 15:52:07 #123 15:52:08 https://github.com/w3c/dpv/issues/123 -> Issue 123 Add concepts from ENISA SotA Tech/Org Measures (by coolharsh55) [WIP] [help-wanted] [dpv] [eu-nis2] [good first issue] 15:52:41 harsh: this includes measures mentioned in ENISA documents as well as the NIS2 work suggested by Jenni 15:52:50 #110 15:52:51 https://github.com/w3c/dpv/issues/110 -> Issue 110 Add concepts from ISO 22989:2022 AI Terminology (by coolharsh55) [todo] [help-wanted] [AI] [good first issue] 15:52:57 \ assigned to delaram 15:53:28 #111 15:53:28 https://github.com/w3c/dpv/issues/111 -> Issue 111 Model information about legal bases (by coolharsh55) [todo] [help-wanted] [dpv] 15:53:40 harsh: some ongoing work here 15:53:46 #12 15:53:47 https://github.com/w3c/dpv/issues/12 -> Issue 12 Use-Cases and Examples showing how vocab can be used (by coolharsh55) [use-case] [example] [todo] 15:54:15 harsh: important that we have use-cases and examples as best practice ; we have some 70 examples at the moment but need a review to see whether any examples should be provided which aren't 15:54:49 harsh: use-cases are important to show how concepts are produced and where applications of DPV are envisioned ; see e.g. https://www.w3.org/TR/2019/NOTE-dcat-ucr-20190117/ 15:55:00 #48 15:55:01 https://github.com/w3c/dpv/issues/48 -> Issue 48 Specify association between law, authority, and jurisdiction in documentation of respective concepts (by coolharsh55) [legal] [fix-this] 15:56:22 harsh: this is an issue where the relation between law, authority, and jurisdiction is not shown in the HTML e.g. see legal page where only laws are listed 15:56:29 harsh: better to fix this in this version itself 15:56:49 Note #48 fix this in time for 2.0 release 15:56:50 Added -> comment https://github.com/w3c/dpv/issues/48#issuecomment-2231293962 15:56:59 #170 15:56:59 https://github.com/w3c/dpv/issues/170 -> Issue 170 Add Lawfulness concept for each Law/Regulation (by coolharsh55) [todo] [eu-nis2] [eu-aiact] [eu-dga] 15:57:19 harsh: simple to do - add lawfulness and compliant concepts to each law defined 15:57:46 #147 15:57:46 https://github.com/w3c/dpv/issues/147 -> Issue 147 Create extension EU NIS2 (by coolharsh55) [WIP] [help-wanted] [eu-nis2] 15:57:58 harsh: pending work for NIS2 includes adding concepts e.g. authorities, list of critical sectors 15:58:07 #143 15:58:08 https://github.com/w3c/dpv/issues/143 -> Issue 143 Integrate AIRO/VAIR concepts for AI and AI Act vocabulary (by coolharsh55) [todo] [help-wanted] [AI] [eu-aiact] 15:58:22 julian: what is the difference between this and 110 ? 15:58:44 harsh: 110 is about AI extension in general, this is about AIRO/VAIR which are delaram's outputs and how to integrate them 15:59:03 \ assigned to delaram, planned to be completed by September 15:59:22 #126 15:59:22 https://github.com/w3c/dpv/issues/126 -> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55) [WIP] [help-wanted] [AI] 15:59:42 \ same as above - about AI extension in general, 110 is about ISO standard, 143 is about AIRO/VAIR, this is about the extension overall 15:59:48 #103 15:59:48 https://github.com/w3c/dpv/issues/103 -> Issue 103 Guide for Data Breach (by coolharsh55) [guide] [WIP] [eu-gdpr] 15:59:51 harsh: work in progress 15:59:55 #91 15:59:55 https://github.com/w3c/dpv/issues/91 -> Issue 91 Provide guidance for implementing ISO/IEC 29184 Privacy Notice using DPV (by coolharsh55) [guide] [WIP] [help-wanted] 16:00:09 harsh: working on this right now - hope to have a demo ready for next week about machine-readable notices 16:00:20 #74 16:00:20 https://github.com/w3c/dpv/issues/74 -> Issue 74 Add Risk Management concepts from ISO 31000 series (by coolharsh55) [WIP] [help-wanted] [risk] 16:00:32 harsh: there is some pending proposals about adding in risk management 16:00:37 #66 16:00:38 https://github.com/w3c/dpv/issues/66 -> Issue 66 Provide a Guide on use of DPV for DPIA (by coolharsh55) [WIP] [docs] [eu-gdpr] 16:00:44 harsh: work in progress 16:00:51 \ assigned to tytti 16:01:00 #67 16:01:01 https://github.com/w3c/dpv/issues/67 -> Issue 67 Provide for Guide using DPV for ROPA (by coolharsh55) [WIP] [docs] [eu-gdpr] 16:01:09 harsh: work in progress - based on Paul's PhD work 16:01:14 #63 16:01:15 https://github.com/w3c/dpv/issues/63 -> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4) [todo] [eu-gdpr] 16:01:36 harsh: this is about linking non-fulfilment justifications to GDPR rights similar to how legal basis and rights are related 16:01:46 \ assigned to beatriz 16:01:51 #4 16:01:52 https://github.com/w3c/dpv/issues/4 -> Issue 4 Machine-readable requests to execute rights (by coolharsh55) [rights] [guide] [WIP] 16:02:07 harsh: this is about how to exercise a right, what data is needed, how to specify in response identity is needed 16:02:11 beatriz: have work on this 16:02:49 harsh: good paper for JURIX, the CFP is out https://jurix.nl/jurix-2024-call-for-papers/ with deadline SEP-06, conference is on DEC-11 in Brno, Czech 16:02:57 Topic: Next Meeting 16:03:29 \ next meeting will be in 1 week on TUESDAY at 13:30 WEST / 14:40 CEST. Agenda will be continuation of current discussion with any updates on github/mailing list and AOB. 16:03:36 rrsagent, publish minutes v2 16:03:37 I have made the request to generate https://www.w3.org/2024/07/16-dpvcg-minutes.html harsh 16:03:39 rrsagent, set logs world-visible 16:04:10 gb, bye 16:04:10 gb has left #dpvcg 16:04:14 rrsagent, bye 16:04:14 I see no action items