diff --git a/code/minutes-generator/data/meeting-2024-02-21.irc b/code/minutes-generator/data/meeting-2024-02-21.irc new file mode 100644 index 000000000..f3bbed842 --- /dev/null +++ b/code/minutes-generator/data/meeting-2024-02-21.irc @@ -0,0 +1,39 @@ +20:08:55 RRSAgent has joined #dpvcg +20:09:03 Scribe: harsh +20:09:10 Meeting: DPVCG Meeting Call +20:09:13 Chair: harsh +20:09:23 Present: harsh, delaram, ted georg, beatriz +20:10:04 Regrets: iain, tytti +20:09:37 Date: 21 FEB 2024 +20:09:50 Agenda: https://www.w3.org/events/meetings/31f00434-f01b-431d-a9d9-4ef690dd7c6d/20240221T150000/ +20:09:57 Meeting minutes: https://w3id.org/dpv/meetings +20:10:04 purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-02-21 +20:10:04 Topic: Age Verification +20:10:04 https://github.com/w3c/dpv/issues/128 -> Issue 128 Add dpv:AgeVerification as a purpose concept (by besteves4) +20:10:04 accepted concept +20:10:04 Topic: GDPR Rights Justifications +20:10:04 https://github.com/w3c/dpv/issues/63 -> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4) +20:10:04 beatriz: okay with the structure, but more rights and justifications - discussion on whether/how we model them. +20:10:04 beatriz: (email FEB-16) going through the mentioned rights to see justifications, going through GDPR for more justifications. Article 34 - some justifications there as well for Communication of a personal data breach to the data subject. Article 23 - right to be informed about restrictions. Article 27. We don't have anything from Article 78 and 79 - judicial rememdies. Article 22-3 “the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. +20:10:04 georg: Article 34(3) has justifications for why the breach was not communicated. These are justifications used in compliance but do not need to be communicated. So we should +20:10:04 georg: Article 23(3-h) - what is the justification here? +20:10:04 beatriz: Should we model the 'right' mentioned here? +20:10:04 \ discussion - no, this is a right as in the implementing act in national law +20:10:04 beatriz: Adding Art. 77-79 as 3 three additional rights to GDPR extension. +20:10:04 georg: Art.22.3 “the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision”? +20:10:04 harsh: 22-1 is the right, 22-3 refers to the same right +20:10:04 georg: 22-2 is the three justifications for 22-1 +20:10:04 harsh: 22-3 and 22-4 are specific restrictions on the justifications in 22-2, so we don't necessarily need them as separate justifications - we can wait for case law and AG opinions to evaluate our interpreations are correct before we model them e.g. 22-4 can be justifications for use of special categories +20:10:04 Topic: AI Act +20:10:04 https://github.com/w3c/dpv/issues/106 -> Issue 106 Propose concepts from the AI Act (by coolharsh55) +20:10:04 delaram: these are concepts from Article 3, the rest of the Act is to be modeled +20:10:04 georg: post from Dr. Laura who is Senior Policy Advisor at EU Parliament comparing AI Act and GDPR in terms of no of articles and recitals https://www.linkedin.com/posts/dr-laura-caroli-0a96a8a_aiact-activity-7166016973645037568-pA4A?utm_source=share&utm_medium=member_desktop +20:10:04 delaram: definitions are not expected to change, clause numbering may change. Working on AIRO and VAIR at the moment, to be added here (AI Act extension) once that is done. +20:10:04 harsh: where do we put them in DPV vocabularies? How do we proceed? Do we take AI Act? Or go through specific topics e.g. putting AI in deployment? +20:10:04 delaram: would be better to look at all related concepts together in one place +20:10:04 beatriz: does AI system go in tech? +20:10:04 delaram: yes, the general concept will go in tech and the AI Act specific definition will go into the AI Act extension +20:10:04 harsh: interested in Annex III high-risk clause analysis, and connecting it with GDPR's DPIA. Tytti is also doing this kind of work and would be interested in this. +20:10:04 Topic: Next Meeting +20:10:04 \ Next meeting will be in 1 week, on WED FEB-28 15:00 WET / 16:00 CET. +20:10:04 \ Topics for discussion are updates on DPV v2, github repo and issues, rights exercise, discussion on AI Act, and Tech/AI vocabulary. \ No newline at end of file diff --git a/meetings/index.html b/meetings/index.html index 653903c7a..57de185f4 100644 --- a/meetings/index.html +++ b/meetings/index.html @@ -13,6 +13,7 @@

DPVCG Meeting Minutes

See W3C DPVCG Calendar for upcoming meetings, agenda, and joining instructions.

    +
  1. DPVCG Meeting 21 February 2024 Wednesday
  2. DPVCG Meeting 14 February 2024 Wednesday
  3. DPVCG Meeting 07 February 2024 Wednesday
  4. DPVCG Meeting 31 January 2024 Wednesday
    5. diff --git a/meetings/meeting-2024-02-21.html b/meetings/meeting-2024-02-21.html new file mode 100644 index 000000000..92f69c571 --- /dev/null +++ b/meetings/meeting-2024-02-21.html @@ -0,0 +1,103 @@ + + + + +DPVCG Meeting Call – 21 FEB 2024 + + + + + + + + + + +
    +

    W3C

    + +

    DPVCG Meeting Call

    +

    21 FEB 2024

    + + +
    + +
    +
    +

    Attendees

    +
    +
    Present
    beatriz, delaram, harsh, ted georg
    +
    Regrets
    iain, tytti
    +
    Chair
    harsh
    +
    Scribe
    harsh
    +
    +
    + + +
    + +
    +

    Meeting minutes

    +

    Meeting minutes: https://w3id.org/dpv/meetings

    +

    purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-02-21

    +
    + +
    +

    Age Verification

    +

    <ghurlbot> Issue 128 Add dpv:AgeVerification as a purpose concept (by besteves4)

    +

    accepted concept

    +
    + +
    +

    GDPR Rights Justifications

    +

    <ghurlbot> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4)

    +

    beatriz: okay with the structure, but more rights and justifications - discussion on whether/how we model them.

    +

    beatriz: (email FEB-16) going through the mentioned rights to see justifications, going through GDPR for more justifications. Article 34 - some justifications there as well for Communication of a personal data breach to the data subject. Article 23 - right to be informed about restrictions. Article 27. We don't have anything from Article 78 and 79 - judicial rememdies. Article 22-3 “the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

    +

    georg: Article 34(3) has justifications for why the breach was not communicated. These are justifications used in compliance but do not need to be communicated. So we should

    +

    georg: Article 23(3-h) - what is the justification here?

    +

    beatriz: Should we model the 'right' mentioned here?

    +

    discussion - no, this is a right as in the implementing act in national law

    +

    beatriz: Adding Art. 77-79 as 3 three additional rights to GDPR extension.

    +

    georg: Art.22.3 “the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision”?

    +

    harsh: 22-1 is the right, 22-3 refers to the same right

    +

    georg: 22-2 is the three justifications for 22-1

    +

    harsh: 22-3 and 22-4 are specific restrictions on the justifications in 22-2, so we don't necessarily need them as separate justifications - we can wait for case law and AG opinions to evaluate our interpreations are correct before we model them e.g. 22-4 can be justifications for use of special categories

    +
    + +
    +

    AI Act

    +

    <ghurlbot> Issue 106 Propose concepts from the AI Act (by coolharsh55)

    +

    delaram: these are concepts from Article 3, the rest of the Act is to be modeled

    +

    georg: post from Dr. Laura who is Senior Policy Advisor at EU Parliament comparing AI Act and GDPR in terms of no of articles and recitals https://www.linkedin.com/posts/dr-laura-caroli-0a96a8a_aiact-activity-7166016973645037568-pA4A?utm_source=share&utm_medium=member_desktop

    +

    delaram: definitions are not expected to change, clause numbering may change. Working on AIRO and VAIR at the moment, to be added here (AI Act extension) once that is done.

    +

    harsh: where do we put them in DPV vocabularies? How do we proceed? Do we take AI Act? Or go through specific topics e.g. putting AI in deployment?

    +

    delaram: would be better to look at all related concepts together in one place

    +

    beatriz: does AI system go in tech?

    +

    delaram: yes, the general concept will go in tech and the AI Act specific definition will go into the AI Act extension

    +

    harsh: interested in Annex III high-risk clause analysis, and connecting it with GDPR's DPIA. Tytti is also doing this kind of work and would be interested in this.

    +
    + +
    +

    Next Meeting

    +

    Next meeting will be in 1 week, on WED FEB-28 15:00 WET / 16:00 CET.

    +

    Topics for discussion are updates on DPV v2, github repo and issues, rights exercise, discussion on AI Act, and Tech/AI vocabulary.

    +
    +
    + + +
    Minutes manually created (not a transcript), formatted by scribe.perl version 217 (Fri Apr 7 17:23:01 2023 UTC).
    + + +