-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
24066dd
commit dd419be
Showing
3 changed files
with
233 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| 14:54:20 <RRSAgent> RRSAgent has joined #dpvcg | ||
| 20:09:03 <harsh> Scribe: harshPandit | ||
| 20:09:23 <harsh> ScribeNick: harsh | ||
| 14:55:03 <harsh> repo: w3c/dpv | ||
| 14:55:13 <harsh> Meeting: DPVCG Meeting Call | ||
| 14:55:18 <harsh> Present: harshPandit, tyttiRintamaki, paulRyan, delaramGolpayegani, iainHenderson, georgKrog, julianFlake, markLizar | ||
| 14:55:18 <harsh> Regrets: julioHernandez | ||
| 14:55:22 <harsh> Date: 10 SEP 2024 | ||
| 14:55:26 <harsh> Agenda: https://www.w3.org/events/meetings/0e21485e-d959-4f78-930a-bd66650adace/20240910T133000/ | ||
| 14:55:31 <harsh> Meeting minutes: https://w3id.org/dpv/meetings | ||
| 14:55:35 <harsh> purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-09-10 | ||
| 14:55:18 <harsh> \ Noted AOB item from delaram | ||
| 14:55:18 <harsh> delaramGolpayegani: what is the connection between data in DPV and dataset in DCAT? | ||
| 14:55:18 <harsh> harsh: they are similar concepts and you can use both of them together e.g. something is an instance of `dpv:Data` and `dcat:Dataset`, but not good to combine them in terms of relationships e.g. subclass relationship as differen _datasets_ can contain same _data_, or _data_ can contain multiple _datasets_. | ||
| 14:55:18 <harsh> Topic: Legal Basis | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/111 -> Issue 111 Model information about legal bases (by coolharsh55) | ||
| 14:55:18 <harsh> Subtopic: Contract | ||
| 14:55:18 <harsh> \ no comments or changes identified - accepted the concepts as discussed in previous minutes | ||
| 14:55:18 <harsh> Subtopic: Other Legal Basis | ||
| 14:55:18 <harsh> \ no comments or changes identified - accepted the concepts | ||
| 14:55:18 <harsh> \ For legal basis concepts, they are accepted in principle. | ||
| 14:55:18 <harsh> ACTION: Add legal basis concepts to DPV | ||
| 14:55:18 <harsh> Topic: Rules | ||
| 14:55:18 <harsh> \ concepts to model rule fulfilment as statuses, aligned with concepts from contract clause fulfilment | ||
| 14:55:18 <harsh> georgKrog: `PermissionObligation` and `Obligation` in contract law are different, how to express that? For example, to express that you have permission to use a book, but if you read beyond certain pages then you have to pay? | ||
| 14:55:18 <harsh> harsh: that is an obligation within a permission, which can be done with DPV concepts - but we don't define the interpretation of nested rules. Also its better to look towards ODRL for this use-case as it has defined interpretations and also because it specifically models contracts. | ||
| 14:55:18 <harsh> \ agreed - okay to continue with Rules concepts | ||
| 14:55:18 <harsh> ACTION: Add rules concepts to DPV | ||
| 14:55:18 <harsh> Topic: Risk Taxonomy | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/181 -> Issue 181 Refine RISK taxonomy into a single consistent hierarchy (by coolharsh55) | ||
| 14:55:18 <harsh> \ recap: single hierarchy of concepts grouped based on different topics, adopter picks the concept and the role it plays in the use-case e.g. whether it is a consequence or an impact | ||
| 14:55:18 <harsh> delaramGolpayegani: this is an issue where some concepts do not make sense for a chosen role e.g. _violence against children_ as a risk source doesn't make a lot of sense. Not necessarily a blocking problem, but something to think about. | ||
| 14:55:18 <harsh> harsh: Indeed, but don't know another solution that will allow flexibility while also providing clarity regarding roles. The previous model had us assert something is _always_ a risk source or impact - which is not true. So in this case, we ask the adopter to choose the concept and the role. | ||
| 14:55:18 <harsh> delaramGolpayegani: for specific AI related risks it is not possible to pick from this list, and we would have to have an extension or another way to distinguish these | ||
| 14:55:18 <harsh> harsh: this is something we discussed earlier, so yes, the consensus as I remember it as was to put the AI specific risks in the AI extension | ||
| 14:55:18 <harsh> paul: are you trying to make it more flexible? | ||
| 14:55:18 <harsh> harsh: yes, the goal is to keep things flexible | ||
| 14:55:18 <harsh> georg: can be explained in an example | ||
| 14:55:18 <harsh> mark: communicate risk and liability - who is responsible for the risk | ||
| 14:55:18 <harsh> delaram: this could be modelled with ODRL e.g. with the AI use profile which expresses the liability if something happens | ||
| 14:55:18 <harsh> \ consensus - okay to move ahead with the risk taxonomy and to provide sufficient guidance and examples in the documentation to clarify how the concepts work. For AI specific risks, we have the AI extension. | ||
| 14:55:18 <harsh> harsh: of note, the Spanish DPA (AEPD) had a paper at APF where they created a threat taxonomy where they extended the LINDDUN privacy threats taxonomy with data protection relevant concepts Implications of Age Assurance on Privacy and Data Protection: A Systematic Threat Model https://doi.org/10.1007/978-3-031-68024-3_1 | ||
| 14:55:18 <harsh> ACTION: Continue with Risk taxonomy model, consolidate taxonomy, create risk concepts in AI extension | ||
| 14:55:18 <harsh> Topic: Sector | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/177 -> Issue 177 [Concept]: Sectors should be defined in DPV (main spec) (by coolharsh55) | ||
| 14:55:18 <harsh> harsh: question is whether we should model `Sector` taxonomy in DPV or we suggest use of authoritative taxonomies such as NACE and NAICS | ||
| 14:55:18 <harsh> paul: official source is important | ||
| 14:55:18 <harsh> delaram: for the AI Act checked the sectors mentioned and they map quite well with NACE, wording is not the same but they are mostly covered so no need for duplicates | ||
| 14:55:18 <harsh> georg: there are different regulations such as emission of carbon, digital products where ID must be declared, which all require a standardised way to document the sector in which they are active in - so the one in DPV would need too much work and shouldn't be done | ||
| 14:55:18 <harsh> \ agreed with consensus - not to model sector in DPV | ||
| 14:55:18 <harsh> Topic: Fee | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/185 -> Issue 185 [Concept]: Add Fee concept to DPV, remove it from RISK (by coolharsh55) | ||
| 14:55:18 <harsh> paulRyan: real concepts required in GDPR where they are required, so they have sufficient granularity to do what we need to do | ||
| 14:55:18 <harsh> georgKrog: yes, agreed it is useful | ||
| 14:55:18 <harsh> \ accepted with consensus | ||
| 14:55:18 <harsh> ACTION: Add Fee concepts to DPV | ||
| 14:55:18 <harsh> Topic: Updates | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/183 -> Issue 183 Represent activities where DPIA is required in EU-GDPR (by coolharsh55) | ||
| 14:55:18 <harsh> tyttiRintamaki: for DPIA concepts in DPV, will have updates next week with the concepts and examples | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/182 -> Issue 182 Adding AI bias concepts (by DelaramGlp) | ||
| 14:55:18 <harsh> harshPandit: for the AI Bias concepts, Daniel sent an email with updates - will go through and have a proposed resolution next week. | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/186 -> Issue 186 Create Mapping between GDPR and DPV (by coolharsh55) | ||
| 14:55:18 <harsh> harshPandit: for the mapping of GDPR with DPV, Prinon informed that he is busy and will have updates possibly next week. | ||
| 14:55:18 <harsh> Topic: Annual Privacy Forum | ||
| 14:55:18 <harsh> harsh: DPV work on consent won the best paper award at APF, and was visible/presented in front of DPAs https://lists.w3.org/Archives/Public/public-dpvcg/2024Sep/0004.html | ||
| 14:55:18 <harsh> harsh: notes from APF available on website https://harshp.com/research/blog/APF-2024 | ||
| 14:55:18 <harsh> Topic: Next Meeting | ||
| 16:03:29 <harsh> \ next meeting will be in 1 week on TUESDAY 17 September at 13:30 WEST / 14:40 CEST. Agenda will be updates on resolutions from today with any updates on github/mailing list and AOB. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.