W3C

DPVCG Meeting Call

17 AUG 2023

Attendees

Present: delaram, harsh, iainHenderson, paul
Regrets: georg
Chair: harsh
Scribe: harsh

Meeting minutes

<ghurlbot> gb has joined #dpvcg

Repository: w3c/dpv

Meeting minutes: https://w3id.org/dpv/meetings

purl for this meeting: https://w3id.org/dpv/meetings/meeting-2023-08-17

Good news item - ISO/IEC TS 27560 has been published, which includes an example expressed using DPV and a reference to DPV in Annex A. See https://lists.w3.org/Archives/Public/public-dpvcg/2023Aug/0002.html

Risk Assessment concepts

see #104

<ghurlbot> Issue 104 Re-evaluate Risk Assessment concepts (by coolharsh55) [concepts] [application] [help-wanted]

The risk assessment concepts have been discussed between harsh, delaram, rob, and julio, and they have consensus. See https://lists.w3.org/Archives/Public/public-dpvcg/2023Aug/0006.html

The one pending question is a minor one: the distinction between actual and potential consequences of an incident, in the context of a data breach incident and reporting on its potential consequences.

Comment #104: The risk assessment concepts will be discussed for acceptance in the next meeting, scheduled for AUG-24

<ghurlbot> Added comment

The Risk Management concepts will be an extension of these concepts, and will provide management related processes such as treatments and identification. See #74

<ghurlbot> Issue 74 Add Risk Management concepts from ISO 31000 series (by coolharsh55) [concepts] [help-wanted]

Comment #74: the risk assessment concepts in #104 are likely to be accepted - this work should be modified to build on them.

<ghurlbot> Added comment

The guide for data breach (see #103) and adding incident reporting concepts (see #100) will also be developed based on these risk assessment concepts.

<ghurlbot> Issue 103 Guide for Data Breach (by coolharsh55) [documentation] [concepts] [todo] [application]

<ghurlbot> Issue 100 Proposal to add (security) Incident Reporting concepts (by coolharsh55) [scope] [concepts]

Comment #103: the risk assessment concepts in #104 are likely to be accepted - this work should be modified to build on them.

<ghurlbot> Added comment

Comment #100: the risk assessment concepts in #104 are likely to be accepted - this work should be modified to build on them.

<ghurlbot> Added comment

DPV v1.1

Issues tagged to be completed for DPV v1.1 are mentioned in the agenda.

Associating legal bases with rights (see #49) - will be accepted.

<ghurlbot> Issue 49 Provide association and applicability between GDPR legal bases and rights (by coolharsh55) [documentation] [concepts] [todo] [help-wanted]

The pending question, to be discussed in the next meeting, is whether we model the concepts for rights implementations, e.g. data portability has an implementation of providing a copy of data.

Iain mentioned this is what P7012 considers as a "duty" attached to the right. In DPV, we agreed earlier not to model duties and obligations, and instead leave it to ODRL and other languages. However, modelling the concepts for processes and associating them with legal bases would be in scope.

Comment #49: this was discussed in today's meeting, and the association between legal bases and rights is to be accepted. The proposal to model rights implementation processes is to be discussed in the next meeting.

<ghurlbot> Added comment

The issue about modelling locations using personal data (see #73) will be resolved.

<ghurlbot> Issue 73 Extend DPV-PD with missing Location concepts (by besteves4) [concepts] [review]

Comment #73: this issue was discussed in today's meeting and will be resolved/closed as it is outside the scope of the current work to provide properties for each personal data category.

<ghurlbot> Added comment

Updating concepts for Scoring and Decision to cover overlap as per the CJEU case (see #87) - this is in scope, and the modelling of concepts will be accepted.

<ghurlbot> Issue 87 Update concepts for Scoring and Decision to cover overlap (by coolharsh55) [concepts] [todo]

Comment #87: this was discussed in today's meeting with no objections to go ahead and implement it.

<ghurlbot> Added comment

Indicating PII and Identifying personal data (see #14) - this was discussed and agreed upon. The concepts will be accepted in the next meeting.

<ghurlbot> Issue 14 Indicating PII i.e. Personally Identifiable data category or categories in combination (by coolharsh55) [concepts] [question] [help-wanted]

Comment #14: this was discussed in today's meeting and accepted as concepts to indicate identifying with distinction between explicit and indirect. These will be accepted in the next meeting.

<ghurlbot> Added comment

Express 'sensitivity' of data (see #11) - these have been accepted in principle, to be discussed further if requested. Otherwise they will move to accepted.

<ghurlbot> Issue 11 Express 'sensitivity' of data (by coolharsh55) [concepts] [question] [review]

Comment #11: this was discussed in today's meeting as being acceptable, but further discussion will be undertaken to assess whether to accept them.

<ghurlbot> Added comment

Assessment concepts (see #96), which include impact assessments and compliance assessments - the discussion reached consensus on accepting the concepts.

<ghurlbot> Issue 96 Add assessment relations and concepts (by coolharsh55) [concepts] [todo]

Comment #96 - discussed these concepts today with a consensus towards acceptance. These will be accepted in the next meeting.

<ghurlbot> Added comment

Aligning with EU vocabularies (see #46) - this issue was discussed with consensus to drop alignment with EUVOC and continue with DPV-LEGAL modelling of jurisdictions and other information, and to ask for help in aligning it with other vocabularies.

<ghurlbot> Issue 46 Use/Align with EU location vocabularies (by coolharsh55) [documentation] [scope] [concepts] [todo]

Comment #46: this was discussed in today's meeting with consensus to drop alignment with EUVOC and continue with DPV-LEGAL modelling of jurisdictions and other information, and to ask for help in aligning it with other vocabularies. The issue will remain open for discussion and continued contribution.

<ghurlbot> Added comment

Representing Main Establishment and Lead SA as a concept (see #93) - this was agreed to be added to GDPR.

<ghurlbot> Issue 93 Representing Main Establishment and Lead SA as a concept (by coolharsh55) [concepts] [help-wanted]

Comment #93 - this was discussed in today's meeting and agreed to be added to GDPR.

<ghurlbot> Added comment

Add information availability concepts (see #102) - these concepts were briefly discussed, and are slated for acceptance.

<ghurlbot> Issue 102 Add information availability concepts (by coolharsh55) [concepts] [review]

Comment #102: These concepts were discussed in today's meeting, and will be accepted.

<ghurlbot> Added comment

DPV repo restructuring

See email by harsh - https://lists.w3.org/Archives/Public/public-dpvcg/2023Aug/0010.html (and #107)

<ghurlbot> Issue 107 Restructure repo layout (by coolharsh55)

This is a major change and will be taken up along with #99 (inclusion of non-personal data).

<ghurlbot> Issue 99 Proposal to change DPV scope to include Non-Personal Data (by coolharsh55) [scope] [concepts] [question]

Next Meeting

We will have the next meeting on 24th August 14:00 WEST / 15:00 CEST

Topics on today's agenda will continue to be on the next agenda, with resolution on accepted concepts given a priority.

Minutes manually created (not a transcript), formatted by scribe.perl version 217 (Fri Apr 7 17:23:01 2023 UTC).