minutes for 01 MAY 2024
coolharsh55 committed May 6, 2024
1 parent 23ee72b commit 842dae3
Showing 3 changed files with 201 additions and 0 deletions.
56 changes: 56 additions & 0 deletions code/minutes-generator/data/meeting-2024-05-01.irc
@@ -0,0 +1,56 @@
20:08:55 <RRSAgent> RRSAgent has joined #dpvcg
20:09:03 <harsh> Scribe: harshPandit
20:09:23 <harsh> ScribeNick: harsh
20:09:10 <harsh> Meeting: DPVCG Meeting Call
20:09:13 <harsh> Chair: harsh
20:09:23 <harsh> Present: harshPandit, tyttiRintamaki, paulRyan, delaramGolpayegani, steveHickman, iainHenderson, georgKrog, alexJarju, victorLopezJuarez, jenniParry, robBrennan
20:09:37 <harsh> Date: 01 MAY 2024
20:09:50 <harsh> Agenda: https://www.w3.org/events/meetings/31f00434-f01b-431d-a9d9-4ef690dd7c6d/20240501T150000/
20:10:04 <harsh> Meeting minutes: https://w3id.org/dpv/meetings
20:10:04 <harsh> purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-05-01
20:09:23 <harsh> \ introductions - alexJarju, victorLopezJuarez, jenniParry, robBrennan
20:09:23 <harsh> Topic: Justifications
20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/63 -> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by coolharsh55)
20:09:23 <harsh> \ georg and paul have looked through the spreadsheet and have comments - to be resolved with/when beatriz is available
20:09:23 <harsh> Topic: Human Involvement
20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/108 -> Issue 108 Revise Automation and HumanInvolvement concepts (by coolharsh55)
20:09:23 <harsh> \ Discussed Automation concepts from last meeting - okay to continue with `ReverseOutput` and `reverseEffects` as two distinct concepts.
20:09:23 <harsh> Topic: Controls
20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/115 -> Issue 115 Add Measures for Obtain, Withdraw, etc. for Consent and other Actions (by coolharsh55)
20:09:23 <harsh> \ Discussed and okay to continue with general controls as the alternative would be too many specific controls
20:09:23 <harsh> Topic: AI Act
20:09:23 <ghurlbot> https://github.com/w3c/dpv/issues/106 -> Issue 106 Propose concepts from the AI Act (by coolharsh55)
20:09:23 <harsh> delaram: what's the best way forward for this work? In approx. 1 month can propose existing work of AIRO and VAIR to be integrated in DPV. Specific concepts need discussion and prioritisation - risk management, FRIA, conformity. Specific roles e.g. Notified Body. Question on whether these would be entities linked to GDPR.
20:09:23 <harsh> Topic: AI extension
20:09:23 <ghurlbot> https://github.com/w3c/dpv/issues/126 -> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55)
20:09:23 <harsh> \ using ISO 22989 and AIRO/VAIR to populate this extension
20:09:23 <harsh> Topic: v2 release schedule
20:09:23 <harsh> harsh: had originally planned to complete this by April end, but we are a few tasks short of this. New goal would be end of May - am confident we can get it done by then.
20:09:23 <harsh> harsh: tasks left are rights (will email georg, paul, and beatriz), documentation update, and landing page; and then the data breach guide for which the existing paper is sufficient.
20:09:23 <harsh> Topic: NIS2 ontology
20:09:23 <ghurlbot> https://github.com/w3c/dpv/issues/123 -> Issue 123 Add concepts from ENISA SotA Tech/Org Measures (by coolharsh55)
20:09:23 <harsh> \ jenniParry presenting their project (with robBrennan) at UCD, Dublin on comparing ISO 27001 and ENISA guidelines with DPV to identify which concepts are missing
20:09:23 <harsh> \ slides shared on mailing list (MAY-02) - https://lists.w3.org/Archives/Public/public-dpvcg/2024May/0000.html
20:09:23 <harsh> jenniParry: research question is how effective is DPV in meeting NIS2 requirements
20:09:23 <harsh> jenniParry: proposing NIS2V ontology that provides ISO controls for DPV
20:09:23 <harsh> jenniParry: findings - 101 27001 controls of which 89 are unique, 30 ENISA controls. Used the january version of DPV which has since changed
20:09:23 <harsh> jenniParry: ENISA used 2013 version of 27001 whereas DPV mapping used the recent 2022 publication, there are changes e.g. Threat Intelligence (27001:2022)
20:09:23 <harsh> georgKrog: NIS2 introduces new cybersecurity measures and they have to do a mapping +2/-2 levels upstream/downstream. So mapping should be done between 27001 and DORA as it is more comprehensive than NIS2
20:09:23 <harsh> jenniParry: DORA is for financial regulation whereas NIS2 is general, hence the focus
20:09:23 <harsh> robBrennan: DORA might be a good source for further refinement for the complex terms
20:09:23 <harsh> paulRyan: what are the next steps?
20:09:23 <harsh> jenniParry: continue building the ontology and then a question based tool for each control to determine maturity score
20:09:23 <harsh> georgKrog: if a service is produced or delivered using different technologies will this work for each technology?
20:09:23 <harsh> jenniParry: don't know yet
20:09:23 <harsh> robBrennan: won't solve every term
20:09:23 <harsh> harsh: what are the 24 missing terms from DPV that you found? Can you open a Github issue or share them so we know if we are missing anything major?
20:09:23 <harsh> Topic: P7012 and Human extension
20:09:23 <harsh> iainHenderson: P7012 is for individuals to initiate agreements on their terms. This is from customer commons, which is like creative commons but for customer oriented agreements. For this we need from DPV specific data, purposes, etc. which I will share requests for
20:09:23 <harsh> steveHickman: who is working on the standard?
20:09:23 <harsh> iainHenderson: Doc Searls would be the most well known, but there are many others. Standard is close to going to ballot state in a month.
20:09:23 <harsh> iainHenderson: human extension in DPV for individual oriented concepts is being proposed from the meeting with harsh today in DCU
20:09:23 <harsh> Topic: Paper on Consent Records
20:09:23 <harsh> harsh: submitted paper to Annual Privacy Forum https://privacyforum.eu/ by reusing the existing guide for implementing ISO/IEC 27560 consent records and receipts. See preprint https://osf.io/preprints/osf/3utx8 Also talks about wallets, GDPR, and DGA
20:09:23 <harsh> georgKrog: submit to the Commission
20:09:23 <harsh> Topic: Next meeting
20:09:23 <harsh> \ The next meeting will be in 1 week on WED 08 May 14:00 WEST / 15:00 CEST. Agenda continued from today's discussions.
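Review bot: The "24 missing terms" in harsh's question at the end of the NIS2 ontology topic has no antecedent in the recorded findings, which give only "101 27001 controls of which 89 are unique, 30 ENISA controls". Add a findings line that records the number of concepts found missing from DPV, so the request for a GitHub issue can be followed without the slides. Separately, the timestamps are not chronological (ScribeNick at 20:09:23 precedes Meeting at 20:09:10) and most lines reuse 20:09:23; if the generator ignores them, a single consistent placeholder value would make that obvious to the next editor.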
1 change: 1 addition & 0 deletions meetings/index.html
@@ -13,6 +13,7 @@
<h1>DPVCG Meeting Minutes</h1>
<p>See <a href="https://www.w3.org/groups/cg/dpvcg/calendar">W3C DPVCG Calendar</a> for upcoming meetings, agenda, and joining instructions.</p>
<ol reversed>
<li><a href="https://w3id.org/dpv/meetings/meeting-2024-05-01.html">DPVCG Meeting 01 May 2024 Wednesday</a></li>
<li><a href="https://w3id.org/dpv/meetings/meeting-2024-04-24.html">DPVCG Meeting 24 April 2024 Wednesday</a></li>
<li><a href="https://w3id.org/dpv/meetings/meeting-2024-04-17.html">DPVCG Meeting 17 April 2024 Wednesday</a></li>
<li><a href="https://w3id.org/dpv/meetings/meeting-2024-04-10.html">DPVCG Meeting 10 April 2024 Wednesday</a></li>
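Review bot: The new list entry links to meeting-2024-05-01.html, while the minutes added in this same commit give the purl for the meeting as https://w3id.org/dpv/meetings/meeting-2024-05-01 without the extension. The entry matches the existing items, so this is not a blocker; confirm that both forms resolve, or link the advertised purl form here so each meeting has one canonical URL.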
144 changes: 144 additions & 0 deletions meetings/meeting-2024-05-01.html
@@ -0,0 +1,144 @@
<!DOCTYPE html>
<html lang=en>
<head>
<meta charset=utf-8>
<title>DPVCG Meeting Call &ndash; 01 MAY 2024</title>
<meta name=viewport content="width=device-width">
<link rel="stylesheet" type="text/css" title="2018" href="https://www.w3.org/StyleSheets/scribe2/public.css">
<link rel="alternate stylesheet" type="text/css" title="2004" href="https://www.w3.org/StyleSheets/base.css">
<link rel="alternate stylesheet" type="text/css" title="2004" href="https://www.w3.org/StyleSheets/public.css">
<link rel="alternate stylesheet" type="text/css" title="2004" href="https://www.w3.org/2004/02/minutes-style.css">
<link rel="alternate stylesheet" type="text/css" title="Fancy" href="https://www.w3.org/StyleSheets/scribe2/fancy.css">
<link rel="alternate stylesheet" type="text/css" title="Typewriter" href="https://www.w3.org/StyleSheets/scribe2/tt-member.css">
</head>

<body>
<header>
<p><a href="https://www.w3.org/"><img src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" alt=W3C border=0 height=48 width=72></a></p>

<h1>DPVCG Meeting Call</h1>
<h2>01 MAY 2024</h2>

<nav id=links>
<a href="https://www.w3.org/events/meetings/31f00434-f01b-431d-a9d9-4ef690dd7c6d/20240501T150000/"><img alt="Agenda." title="Agenda" src="https://www.w3.org/StyleSheets/scribe2/chronometer.png"></a>
</nav>
</header>

<div id=prelims>
<div id=attendees>
<h2>Attendees</h2>
<dl class=intro>
<dt>Present</dt><dd>alexJarju, delaramGolpayegani, georgKrog, harshPandit, iainHenderson, jenniParry, paulRyan, robBrennan, steveHickman, tyttiRintamaki, victorLopezJuarez</dd>
<dt>Regrets</dt><dd>-</dd>
<dt>Chair</dt><dd>harsh</dd>
<dt>Scribe</dt><dd>harsh, harshPandit</dd>
</dl>
</div>

<nav id=toc>
<h2>Contents</h2>
<ol>
<li><a href="#t01">Justifications</a></li>
<li><a href="#t02">Human Involvement</a></li>
<li><a href="#t03">Controls</a></li>
<li><a href="#t04">AI Act</a></li>
<li><a href="#t05">AI extension</a></li>
<li><a href="#t06">v2 release schedule</a></li>
<li><a href="#t07">NIS2 ontology</a></li>
<li><a href="#t08">P7012 and Human extension</a></li>
<li><a href="#t09">Paper on Consent Records</a></li>
<li><a href="#t10">Next meeting</a></li>
</ol>
</nav>
</div>

<main id=meeting class=meeting>
<h2>Meeting minutes</h2>
<section><p id=x008 class=summary>Meeting minutes: <a href="https://w3id.org/dpv/meetings">https://<wbr>w3id.org/<wbr>dpv/<wbr>meetings</a></p>
<p id=x009 class=summary>purl for this meeting: <a href="https://w3id.org/dpv/meetings/meeting-2024-05-01">https://<wbr>w3id.org/<wbr>dpv/<wbr>meetings/<wbr>meeting-2024-05-01</a></p>
<p id=x010 class=summary> introductions - alexJarju, victorLopezJuarez, jenniParry, robBrennan</p>
</section>

<section>
<h3 id=t01>Justifications</h3>
<p id=x012 class=bot><cite>&lt;ghurlbot&gt;</cite> <strong><a href="https://github.com/w3c/dpv/issues/63">Issue 63</a></strong> Add Right Non-fulfilment Justifications for GDPR’s rights (by coolharsh55)</p>
<p id=x013 class=summary> georg and paul have looked through the spreadsheet and have comments - to be resolved with/when beatriz is available</p>
</section>

<section>
<h3 id=t02>Human Involvement</h3>
<p id=x015 class=bot><cite>&lt;ghurlbot&gt;</cite> <strong><a href="https://github.com/w3c/dpv/issues/108">Issue 108</a></strong> Revise Automation and HumanInvolvement concepts (by coolharsh55)</p>
<p id=x016 class=summary> Discussed Automation concepts from last meeting - okay to continue with <code>ReverseOutput</code> and <code>reverseEffects</code> as two distinct concepts.</p>
</section>

<section>
<h3 id=t03>Controls</h3>
<p id=x018 class=bot><cite>&lt;ghurlbot&gt;</cite> <strong><a href="https://github.com/w3c/dpv/issues/115">Issue 115</a></strong> Add Measures for Obtain, Withdraw, etc. for Consent and other Actions (by coolharsh55)</p>
<p id=x019 class=summary> Discussed and okay to continue with general controls as the alternative would be too many specific controls</p>
</section>

<section>
<h3 id=t04>AI Act</h3>
<p id=x021 class=bot><cite>&lt;ghurlbot&gt;</cite> <strong><a href="https://github.com/w3c/dpv/issues/106">Issue 106</a></strong> Propose concepts from the AI Act (by coolharsh55)</p>
<p id=x022 class="phone s01"><cite>delaram:</cite> what's the best way forward for this work? In approx. 1 month can propose existing work of AIRO and VAIR to be integrated in DPV. Specific concepts need discussion and prioritisation - risk management, FRIA, conformity. Specific roles e.g. Notified Body. Question on whether these would be entities linked to GDPR.</p>
</section>

<section>
<h3 id=t05>AI extension</h3>
<p id=x024 class=bot><cite>&lt;ghurlbot&gt;</cite> <strong><a href="https://github.com/w3c/dpv/issues/126">Issue 126</a></strong> AI Extension to provide AI-specific concepts (by coolharsh55)</p>
<p id=x025 class=summary> using ISO 22989 and AIRO/VAIR to populate this extension</p>
</section>

<section>
<h3 id=t06>v2 release schedule</h3>
<p id=x027 class="phone s02"><cite>harsh:</cite> had originally planned to complete this by April end, but we are a few tasks short of this. New goal would be end of May - am confident we can get it done by then.</p>
<p id=x028 class="phone s02"><cite>harsh:</cite> tasks left are rights (will email georg, paul, and beatriz), documentation update, and landing page; and then the data breach guide for which the existing paper is sufficient.</p>
</section>

<section>
<h3 id=t07>NIS2 ontology</h3>
<p id=x030 class=bot><cite>&lt;ghurlbot&gt;</cite> <strong><a href="https://github.com/w3c/dpv/issues/123">Issue 123</a></strong> Add concepts from ENISA SotA Tech/Org Measures (by coolharsh55)</p>
<p id=x031 class=summary> jenniParry presenting their project (with robBrennan) at UCD, Dublin on comparing ISO 27001 and ENISA guidelines with DPV to identify which concepts are missing</p>
<p id=x032 class=summary> slides shared on mailing list (MAY-02) - <a href="https://lists.w3.org/Archives/Public/public-dpvcg/2024May/0000.html">https://<wbr>lists.w3.org/<wbr>Archives/<wbr>Public/<wbr>public-dpvcg/<wbr>2024May/<wbr>0000.html</a></p>
<p id=x033 class="phone s03"><cite>jenniParry:</cite> research question is how effective is DPV in meeting NIS2 requirements</p>
<p id=x034 class="phone s03"><cite>jenniParry:</cite> proposing NIS2V ontology that provides ISO controls for DPV</p>
<p id=x035 class="phone s03"><cite>jenniParry:</cite> findings - 101 27001 controls of which 89 are unique, 30 ENISA controls. Used the january version of DPV which has since changed</p>
<p id=x036 class="phone s03"><cite>jenniParry:</cite> ENISA used 2013 version of 27001 whereas DPV mapping used the recent 2022 publication, there are changes e.g. Threat Intelligence (27001:2022)</p>
<p id=x037 class="phone s04"><cite>georgKrog:</cite> NIS2 introduces new cybersecurity measures and they have to do a mapping +2/-2 levels upstream/downstream. So mapping should be done between 27001 and DORA as it is more comprehensive than NIS2</p>
<p id=x038 class="phone s03"><cite>jenniParry:</cite> DORA is for financial regulation whereas NIS2 is general, hence the focus</p>
<p id=x039 class="phone s05"><cite>robBrennan:</cite> DORA might be a good source for further refinement for the complex terms</p>
<p id=x040 class="phone s06"><cite>paulRyan:</cite> what are the next steps?</p>
<p id=x041 class="phone s03"><cite>jenniParry:</cite> continue building the ontology and then a question based tool for each control to determine maturity score</p>
<p id=x042 class="phone s04"><cite>georgKrog:</cite> if a service is produced or delivered using different technologies will this work for each technology?</p>
<p id=x043 class="phone s03"><cite>jenniParry:</cite> don't know yet </p>
<p id=x044 class="phone s05"><cite>robBrennan:</cite> won't solve every term</p>
<p id=x045 class="phone s02"><cite>harsh:</cite> what are the 24 missing terms from DPV that you found? Can you open a Github issue or share them so we know if we are missing anything major?</p>
</section>

<section>
<h3 id=t08>P7012 and Human extension</h3>
<p id=x047 class="phone s07"><cite>iainHenderson:</cite> P7012 is for individuals to initiate agreements on their terms. This is from customer commons, which is like creative commons but for customer oriented agreements. For this we need from DPV specific data, purposes, etc. which I will share requests for</p>
<p id=x048 class="phone s08"><cite>steveHickman:</cite> who is working on the standard?</p>
<p id=x049 class="phone s07"><cite>iainHenderson:</cite> Doc Searls would be the most well known, but there are many others. Standard is close to going to ballot state in a month.</p>
<p id=x050 class="phone s07"><cite>iainHenderson:</cite> human extension in DPV for individual oriented concepts is being proposed from the meeting with harsh today in DCU</p>
</section>

<section>
<h3 id=t09>Paper on Consent Records</h3>
<p id=x052 class="phone s02"><cite>harsh:</cite> submitted paper to Annual Privacy Forum <a href="https://privacyforum.eu/">https://<wbr>privacyforum.eu/</a> by reusing the existing guide for implementing ISO/IEC 27560 consent records and receipts. See preprint <a href="https://osf.io/preprints/osf/3utx8">https://<wbr>osf.io/<wbr>preprints/<wbr>osf/<wbr>3utx8</a> Also talks about wallets, GDPR, and DGA</p>
<p id=x053 class="phone s04"><cite>georgKrog:</cite> submit to the Commission</p>
</section>

<section>
<h3 id=t10>Next meeting</h3>
<p id=x055 class=summary> The next meeting will be in 1 week on WED 08 May 14:00 WEST / 15:00 CEST. Agenda continued from today's discussions.</p>
</section>
</main>


<address>Minutes manually created (not a transcript), formatted by <a
href="https://w3c.github.io/scribe2/scribedoc.html"
>scribe.perl</a> version 217 (Fri Apr 7 17:23:01 2023 UTC).</address>

</body>
</html>
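Review bot: The Scribe entry in the attendees block reads "harsh, harshPandit", which appears to list one person under two names, while Chair uses "harsh" and Present uses "harshPandit". The source log in this commit declares both "Scribe: harshPandit" and "ScribeNick: harsh"; pick one display name in the .irc input and regenerate rather than editing this generated file. The speaker label "delaram:" under AI Act has the same mismatch with the "delaramGolpayegani" entry in Present, whereas the other speakers are cited by their full nick.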
