IRC log of dpvcg on 2024-07-16

Timestamps are in UTC.

14:54:20 [RRSAgent]

RRSAgent has joined #dpvcg

14:54:24 [RRSAgent]

logging to https://www.w3.org/2024/07/16-dpvcg-irc

14:54:46 [gb]

gb has joined #dpvcg

14:55:00 [harsh]

Scribe: harsh

14:55:03 [harsh]

repo: w3c/dpv

14:55:03 [gb]

OK.

14:55:06 [harsh]

gb, harsh is coolharsh55

14:55:06 [gb]

harsh, I already had that GitHub account for harsh

14:55:13 [harsh]

Meeting: DPVCG Meeting Call

14:55:18 [harsh]

Present: harshPandit, tyttiRintamaki, julianFlake, delaramGolpayegani, beatrizEsteves

14:55:22 [harsh]

Date: 16 JUL 2024

14:55:26 [harsh]

Agenda: https://www.w3.org/events/meetings/0f0fbb7f-df36-4325-b39b-60e0eac5c8b7/20240717T140000/

14:55:31 [harsh]

Meeting minutes: https://w3id.org/dpv/meetings

14:55:35 [harsh]

purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-07-16

14:55:51 [harsh]

Topic: Interpretation of Process

14:56:03 [harsh]

\ See https://lists.w3.org/Archives/Public/public-dpvcg/2024Jul/0006.html

14:56:20 [harsh]

harsh: the email is asking about interpretation of e.g. multiple purposes and multiple data categories occuring in the same process. Interpretation should be all purposes apply to all data categories. To indicate separation i.e. some purposes apply to some data categories, nested processes should be used for separation. E.g. if we want to model a process X which specifies PurposeA applies to Data1, PurposeB applies to Data1 and Data 2, then we will

14:56:20 [harsh]

have process X with nested process X1 for PurposeA and Data1, and X2 for PurposeB and Data1 and Data2.

14:57:51 [harsh]

julianFlake: it would be better to have a property to associate the concepts e.g. purpose, personal data and so on

14:58:17 [harsh]

harsh: we shouldn't have additional properties as we would have to create too many of them e.g. for legal basis and processing

14:58:45 [harsh]

harsh: suggestion is to use nested processes to create units who meaning is based on combination of concepts present in the process

15:00:05 [harsh]

julian: so we would have subprocesses where a process has another process within itself where the subprocesses are processes in their own context

15:03:49 [TallTed]

TallTed has joined #dpvcg

15:11:39 [harsh]

julian: this was discussed earlier at some point as well?

15:12:01 [harsh]

harsh: yes, we discussed this and this is the interpretation we have in the examples but it isn't explicitly spelled out

15:12:13 [harsh]

\ discussed - agreed, and add note to the specification explaining this interpretation of processes

15:12:19 [harsh]

Topic: Planning next release

15:12:28 [harsh]

\ see https://github.com/w3c/dpv/milestone/5 for list of issues

15:12:53 [harsh]

\ using github projects to discuss issues https://github.com/users/coolharsh55/projects/4/

15:14:21 [harsh]

Subtopic: workflow management

15:14:24 [harsh]

#148

15:14:25 [gb]

https://github.com/w3c/dpv/issues/148 -> CLOSED Issue 148 switch to Gitflow workflow for repo management (by coolharsh55) [help-wanted] [code] [review]

15:15:00 [harsh]

harsh: the workflow going ahead will be based on gitflow where we have a main branch representing the stable work, a dev branch, and then feature branches

15:15:46 [harsh]

harsh: we put things on the main branch after they have been agreed or approved, and we use dev branch to show and discuss things while they are in development, and for individual or separate works we use feature branch e.g. diagrams by julian

15:16:37 [harsh]

harsh: we have 2.1-dev as the current development release based on https://semver.org/ best practices which suggest using a version number instead of just the label dev. We can change the development version number later if desired e.g. 3.0 for a major change.

15:16:49 [harsh]

\ we agreed on this workflow, and closed the issue

15:21:41 [harsh]

Subtopic: archiving DPV

15:21:44 [harsh]

#45

15:21:45 [gb]

https://github.com/w3c/dpv/issues/45 -> CLOSED Issue 45 Preserving older versions of DPV and other resources (by coolharsh55) [release]

15:22:11 [harsh]

harsh: we have currently dpv deposited in LOV though waiting for extensions to be accepted, and then we have it on Zenodo. Anywhere else to deposit it?

15:22:20 [harsh]

\ no venues identified, issue marked as completed

15:23:27 [harsh]

Subtopic: diagrams for v2

15:23:46 [harsh]

julian: no further updates - all diagrams are present, some minor diagrams being tested out but nothing pending for the specs

15:24:09 [harsh]

harsh: then we can mark this as done as the issue was about updating existing diagrams for v2 - we can continue working on more diagrams in general

15:24:13 [harsh]

#166

15:24:13 [gb]

https://github.com/w3c/dpv/issues/166 -> CLOSED Issue 166 Update diagrams for v2 (by coolharsh55) [WIP] [docs] [review]

15:24:22 [harsh]

\ issue marked as completed

15:25:54 [harsh]

Subtopic: low priority

15:25:59 [harsh]

#171

15:26:00 [gb]

https://github.com/w3c/dpv/issues/171 -> Issue 171 Provide consolidated list of legal basis, rights, and other relevant concepts for each jurisdiction (by coolharsh55) [rights] [todo] [legal]

15:26:28 [harsh]

harsh: this was a suggestion from beatriz to provide all legal basis, rights, etc. from laws within a jurisdiction in one place - do we need this?

15:26:39 [harsh]

julian: what would this mean in terms of implementation? sounds confusing

15:27:20 [harsh]

harsh: it would allow something like what we have on the legal page https://w3c.github.io/dpv/2.0/legal/ where we can see different laws and authorities across jurisdictions in one place - just for convenience as the concepts are still declared in their respective namespaces

15:27:30 [harsh]

beatriz: would be useful - but not essential

15:27:49 [harsh]

\ marked as low priority

15:27:57 [harsh]

#36

15:27:57 [gb]

https://github.com/w3c/dpv/issues/36 -> Issue 36 Expressing preferred policies or templates (by csarven) [help-wanted] [question]

15:28:32 [harsh]

harsh: this was the issue about associating a policy or indicating a preferred one - recent discussion there about interpretation of policies to identify preference / outcome.

15:28:57 [harsh]

beatriz: this is ongoing work in ODRL CG so we should wait for that work to be completed and then build / integrate on it.

15:30:46 [harsh]

Note #36 this is related to ongoing work in ODRL CG - therefore we will wait for that work and reuse / integrate it here

15:30:48 [gb]

Added -> comment https://github.com/w3c/dpv/issues/36#issuecomment-2231238645

15:31:02 [harsh]

\ issue assigned to beatriz to follow up on

15:32:11 [harsh]

#160

15:32:12 [gb]

https://github.com/w3c/dpv/issues/160 -> Issue 160 Contributors should reference Agents, not a string literal list of authors (by jeswr) [todo] [docs] [code]

15:32:40 [harsh]

harsh: this is good practice but is not essential, though the amount of code change is substantial as both RDF generation and HTML generation code has to be changed

15:32:51 [harsh]

#147

15:32:52 [gb]

https://github.com/w3c/dpv/issues/147 -> Issue 147 Create extension EU NIS2 (by coolharsh55) [WIP] [help-wanted] [eu-nis2]

15:32:57 [harsh]

#137

15:32:57 [gb]

https://github.com/w3c/dpv/issues/137 -> Issue 137 Move code for document/minute generation to another branch (by coolharsh55) [code]

15:33:45 [harsh]

harsh: this proposal (issue 137) is about moving the code folder from the repo main branch into a separate branch so the main branch only contains the outputs and people aren't looking at the csv we use as inputs - not essential

15:34:01 [harsh]

#82

15:34:02 [gb]

https://github.com/w3c/dpv/issues/82 -> Issue 82 Provide vocabulary to specify purposes and permissions related to AI training (by scottkellum) [help-wanted] [proposal] [AI]

15:34:17 [harsh]

harsh: this was related to providing a way to indicate AI training should not happen on a website

15:34:23 [harsh]

beatriz: would be relevant for ODRL work

15:34:33 [harsh]

delaram: we had the AI ODRL profile that could be relevant here

15:34:58 [harsh]

harsh: realistically, this would be best placed within schema.org - so we identify the concepts and relations and can make a proposal there

15:35:03 [harsh]

#24

15:35:04 [gb]

https://github.com/w3c/dpv/issues/24 -> Issue 24 Programmatic generation of documentation diagrams (by coolharsh55) [todo] [docs] [help-wanted]

15:35:22 [harsh]

julian: not trivial as diagrams need some control over what concepts are used to produce the diagrams

15:35:30 [harsh]

#139

15:35:30 [gb]

https://github.com/w3c/dpv/issues/139 -> Issue 139 Provide a 404 page for DPV (by coolharsh55) [todo] [docs] [code] [good first issue]

15:35:42 [harsh]

harsh: trivial and easy to do - will do it at some point when I'm bored and have a bit of time

15:35:48 [harsh]

#26

15:35:49 [gb]

https://github.com/w3c/dpv/issues/26 -> Issue 26 DPV-ISO providing concepts from ISO terminology and standards (by coolharsh55) [proposal]

15:36:10 [harsh]

harsh: this is related to creating a new ISO extension representing mappings from DPV concepts to ISO terminology e.g. PII and PersonalData and so on.

15:36:26 [harsh]

harsh: also involves creating a vocabulary to represent standards and linking them to DPV concepts e.g. 27560 is for consent records

15:36:48 [harsh]

harsh: would be also helpful to represent specific standards and then use these e.g. indicate which are harmonised standards in the eu extension

15:37:04 [harsh]

beatriz: there is a standard associated with IDSA architecture that is being made an ISO standard

15:37:19 [harsh]

julian: think that is based on an older DIN / German standard - interested in that

15:37:43 [harsh]

harsh: its better to open a separate dedicated issue for that - as this issue is about the ISO extension and mapping of concepts

15:37:47 [harsh]

#129

15:37:48 [gb]

https://github.com/w3c/dpv/issues/129 -> Issue 129 Move content from W3C wiki to Github wiki, and close W3C wiki (by coolharsh55) [scope] [WIP] [docs]

15:38:04 [harsh]

harsh: easy to do - will be done over time by anyone

15:38:08 [harsh]

#114

15:38:09 [gb]

https://github.com/w3c/dpv/issues/114 -> Issue 114 In 27560-records, how to identify the latest consent state? (by coolharsh55) [guide]

15:38:19 [harsh]

harsh: this had a bit of discussion but no conclusion - any solutions?

15:38:53 [harsh]

beatriz: this is relevant to work here in Gent, can have a student who will work on this. Also spoke with OSLO folks who have consent vocabulary

15:39:18 [harsh]

\ assigned to beatriz to follow up on

15:39:30 [harsh]

Subtopic: medium priority

15:39:34 [harsh]

#135

15:39:34 [gb]

https://github.com/w3c/dpv/issues/135 -> Issue 135 Add biometric categories to Personal Data extension (by coolharsh55) [todo] [help-wanted] [personal-data] [good first issue]

15:39:51 [harsh]

harsh: this refers to adding more categories to PD - are there any in AI Act or in DPIA work?

15:40:00 [harsh]

delaram: AI Act mentions some biometrics but no specific list is given

15:40:16 [harsh]

tyttiRintamaki: nothing in DPIA analysis either

15:40:29 [harsh]

harsh: then we will keep this open to get the list of concepts and add them

15:40:34 [harsh]

#138

15:40:35 [gb]

https://github.com/w3c/dpv/issues/138 -> Issue 138 Add CIA model to Tech/Org measures (by coolharsh55) [todo] [help-wanted] [dpv]

15:41:16 [harsh]

harsh: CIA model refers to infosec where we have Confidentiality, Integrity, and Availability. Having the tech/org measures specifically categorised to one or more of these categories would help select the correct concept.

15:41:36 [harsh]

harsh: data breaches are also categorised along the same concepts - so the cause can be expressed as a lack of some specific category measure

15:41:53 [harsh]

\ accepted the work is relevant

15:42:12 [harsh]

Note #138 work has been accepted and will be started in next version

15:42:13 [gb]

Added -> comment https://github.com/w3c/dpv/issues/138#issuecomment-2231264788

15:42:30 [harsh]

Note #135 identify what categories are present and add them to PD

15:42:31 [gb]

Added -> comment https://github.com/w3c/dpv/issues/135#issuecomment-2231265411

15:42:53 [harsh]

Note #114 beatriz to follow up on this from local implementation

15:42:54 [gb]

Added -> comment https://github.com/w3c/dpv/issues/114#issuecomment-2231266151

15:43:35 [harsh]

#94

15:43:35 [gb]

https://github.com/w3c/dpv/issues/94 -> Issue 94 Represent Datasheets and Model Cards with DPV (by coolharsh55) [todo] [help-wanted] [AI]

15:43:47 [harsh]

\ assigned to delaram

15:44:01 [harsh]

harsh: this is about taking datasheets and model cards and seeing how to represent them using DPV

15:44:16 [harsh]

delaramGolpayegani: what is the extent of this work? does it start from zero?

15:44:49 [harsh]

harsh: no, we had two EMILDAI students last year who did a mapping from GDPR to fields from these which can be used to which DPV concepts apply and which are needed. Then it will lead to a better version of datasheets and model cards.

15:48:13 [harsh]

#43

15:48:13 [gb]

https://github.com/w3c/dpv/issues/43 -> Issue 43 Declaring additional axioms for DPV-OWL (by coolharsh55) [help-wanted] [owl]

15:48:43 [harsh]

harsh: would be good to have some assertions e.g. properties are functional or transitive, with more complex assertions stating combinations for subclasses

15:48:46 [harsh]

\ no takers so far

15:48:57 [harsh]

#31

15:48:57 [gb]

https://github.com/w3c/dpv/issues/31 -> Issue 31 Mappings from DPV to other vocabularies (by coolharsh55) [todo] [help-wanted]

15:49:12 [harsh]

harsh: for ODRL there is a separate issue, so for the other vocabularies what do we need to do?

15:49:22 [harsh]

beatriz: interested in PROV as that is relevant to work here

15:49:26 [harsh]

\ assigned to beatriz

15:49:47 [harsh]

julian: is gist actually used or useful as it is listed here?

15:49:58 [harsh]

beatriz: it provides more details about organisations that is not present in DPV

15:50:07 [harsh]

harsh: an adopter requested it, so we added it to the list

15:50:22 [harsh]

#75

15:50:23 [gb]

https://github.com/w3c/dpv/issues/75 -> Issue 75 Reuse/Refer to EUROVOC concepts for EU's fundamental rights (by coolharsh55) [rights] [WIP] [help-wanted] [eu-rights]

15:50:49 [harsh]

harsh: this is straightforward to do as it will require providing a link to the eurovoc concept

15:50:54 [harsh]

#89

15:50:55 [gb]

https://github.com/w3c/dpv/issues/89 -> Issue 89 Multi-lingual labels and descriptions for concepts (by coolharsh55) [todo] [docs] [help-wanted] [code]

15:51:22 [harsh]

harsh: this requires a bit of work, already started on this for v2 but stopped as we didn't have enough manual reviews - will have this for 2.1

15:51:27 [harsh]

#130

15:51:27 [gb]

https://github.com/w3c/dpv/issues/130 -> Issue 130 Alignment with ODRL (by besteves4) [scope] [WIP] [help-wanted]

15:51:42 [harsh]

beatriz: this is of interest to ODRL CG as well, aim to get this done in the next release

15:52:00 [harsh]

Subtopic: High priority

15:52:07 [harsh]

#123

15:52:08 [gb]

https://github.com/w3c/dpv/issues/123 -> Issue 123 Add concepts from ENISA SotA Tech/Org Measures (by coolharsh55) [WIP] [help-wanted] [dpv] [eu-nis2] [good first issue]

15:52:41 [harsh]

harsh: this includes measures mentioned in ENISA documents as well as the NIS2 work suggested by Jenni

15:52:50 [harsh]

#110

15:52:51 [gb]

https://github.com/w3c/dpv/issues/110 -> Issue 110 Add concepts from ISO 22989:2022 AI Terminology (by coolharsh55) [todo] [help-wanted] [AI] [good first issue]

15:52:57 [harsh]

\ assigned to delaram

15:53:28 [harsh]

#111

15:53:28 [gb]

https://github.com/w3c/dpv/issues/111 -> Issue 111 Model information about legal bases (by coolharsh55) [todo] [help-wanted] [dpv]

15:53:40 [harsh]

harsh: some ongoing work here

15:53:46 [harsh]

#12

15:53:47 [gb]

https://github.com/w3c/dpv/issues/12 -> Issue 12 Use-Cases and Examples showing how vocab can be used (by coolharsh55) [use-case] [example] [todo]

15:54:15 [harsh]

harsh: important that we have use-cases and examples as best practice ; we have some 70 examples at the moment but need a review to see whether any examples should be provided which aren't

15:54:49 [harsh]

harsh: use-cases are important to show how concepts are produced and where applications of DPV are envisioned ; see e.g. https://www.w3.org/TR/2019/NOTE-dcat-ucr-20190117/

15:55:00 [harsh]

#48

15:55:01 [gb]

https://github.com/w3c/dpv/issues/48 -> Issue 48 Specify association between law, authority, and jurisdiction in documentation of respective concepts (by coolharsh55) [legal] [fix-this]

15:56:22 [harsh]

harsh: this is an issue where the relation between law, authority, and jurisdiction is not shown in the HTML e.g. see legal page where only laws are listed

15:56:29 [harsh]

harsh: better to fix this in this version itself

15:56:49 [harsh]

Note #48 fix this in time for 2.0 release

15:56:50 [gb]

Added -> comment https://github.com/w3c/dpv/issues/48#issuecomment-2231293962

15:56:59 [harsh]

#170

15:56:59 [gb]

https://github.com/w3c/dpv/issues/170 -> Issue 170 Add Lawfulness concept for each Law/Regulation (by coolharsh55) [todo] [eu-nis2] [eu-aiact] [eu-dga]

15:57:19 [harsh]

harsh: simple to do - add lawfulness and compliant concepts to each law defined

15:57:46 [harsh]

#147

15:57:46 [gb]

https://github.com/w3c/dpv/issues/147 -> Issue 147 Create extension EU NIS2 (by coolharsh55) [WIP] [help-wanted] [eu-nis2]

15:57:58 [harsh]

harsh: pending work for NIS2 includes adding concepts e.g. authorities, list of critical sectors

15:58:07 [harsh]

#143

15:58:08 [gb]

https://github.com/w3c/dpv/issues/143 -> Issue 143 Integrate AIRO/VAIR concepts for AI and AI Act vocabulary (by coolharsh55) [todo] [help-wanted] [AI] [eu-aiact]

15:58:22 [harsh]

julian: what is the difference between this and 110 ?

15:58:44 [harsh]

harsh: 110 is about AI extension in general, this is about AIRO/VAIR which are delaram's outputs and how to integrate them

15:59:03 [harsh]

\ assigned to delaram, planned to be completed by September

15:59:22 [harsh]

#126

15:59:22 [gb]

https://github.com/w3c/dpv/issues/126 -> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55) [WIP] [help-wanted] [AI]

15:59:42 [harsh]

\ same as above - about AI extension in general, 110 is about ISO standard, 143 is about AIRO/VAIR, this is about the extension overall

15:59:48 [harsh]

#103

15:59:48 [gb]

https://github.com/w3c/dpv/issues/103 -> Issue 103 Guide for Data Breach (by coolharsh55) [guide] [WIP] [eu-gdpr]

15:59:51 [harsh]

harsh: work in progress

15:59:55 [harsh]

#91

15:59:55 [gb]

https://github.com/w3c/dpv/issues/91 -> Issue 91 Provide guidance for implementing ISO/IEC 29184 Privacy Notice using DPV (by coolharsh55) [guide] [WIP] [help-wanted]

16:00:09 [harsh]

harsh: working on this right now - hope to have a demo ready for next week about machine-readable notices

16:00:20 [harsh]

#74

16:00:20 [gb]

https://github.com/w3c/dpv/issues/74 -> Issue 74 Add Risk Management concepts from ISO 31000 series (by coolharsh55) [WIP] [help-wanted] [risk]

16:00:32 [harsh]

harsh: there is some pending proposals about adding in risk management

16:00:37 [harsh]

#66

16:00:38 [gb]

https://github.com/w3c/dpv/issues/66 -> Issue 66 Provide a Guide on use of DPV for DPIA (by coolharsh55) [WIP] [docs] [eu-gdpr]

16:00:44 [harsh]

harsh: work in progress

16:00:51 [harsh]

\ assigned to tytti

16:01:00 [harsh]

#67

16:01:01 [gb]

https://github.com/w3c/dpv/issues/67 -> Issue 67 Provide for Guide using DPV for ROPA (by coolharsh55) [WIP] [docs] [eu-gdpr]

16:01:09 [harsh]

harsh: work in progress - based on Paul's PhD work

16:01:14 [harsh]

#63

16:01:15 [gb]

https://github.com/w3c/dpv/issues/63 -> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4) [todo] [eu-gdpr]

16:01:36 [harsh]

harsh: this is about linking non-fulfilment justifications to GDPR rights similar to how legal basis and rights are related

16:01:46 [harsh]

\ assigned to beatriz

16:01:51 [harsh]

#4

16:01:52 [gb]

https://github.com/w3c/dpv/issues/4 -> Issue 4 Machine-readable requests to execute rights (by coolharsh55) [rights] [guide] [WIP]

16:02:07 [harsh]

harsh: this is about how to exercise a right, what data is needed, how to specify in response identity is needed

16:02:11 [harsh]

beatriz: have work on this

16:02:49 [harsh]

harsh: good paper for JURIX, the CFP is out https://jurix.nl/jurix-2024-call-for-papers/ with deadline SEP-06, conference is on DEC-11 in Brno, Czech

16:02:57 [harsh]

Topic: Next Meeting

16:03:29 [harsh]

\ next meeting will be in 1 week on TUESDAY at 13:30 WEST / 14:40 CEST. Agenda will be continuation of current discussion with any updates on github/mailing list and AOB.

16:03:36 [harsh]

rrsagent, publish minutes v2

16:03:37 [RRSAgent]

I have made the request to generate https://www.w3.org/2024/07/16-dpvcg-minutes.html harsh

16:03:39 [harsh]

rrsagent, set logs world-visible

16:04:10 [harsh]

gb, bye

16:04:10 [gb]

gb has left #dpvcg

16:04:14 [harsh]

rrsagent, bye

16:04:14 [RRSAgent]

I see no action items