Meeting minutes
Meeting minutes: https://
purl for this meeting: https://
Age Verification
<ghurlbot> Issue 128 Add dpv:AgeVerification as a purpose concept (by besteves4)
accepted concept
GDPR Rights Justifications
<ghurlbot> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4)
beatriz: okay with the structure, but more rights and justifications - discussion on whether/how we model them.
beatriz: (email FEB-16) going through the mentioned rights to see justifications, going through GDPR for more justifications. Article 34 - some justifications there as well for Communication of a personal data breach to the data subject. Article 23 - right to be informed about restrictions. Article 27. We don't have anything from Article 78 and 79 - judicial rememdies. Article 22-3 “the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
georg: Article 34(3) has justifications for why the breach was not communicated. These are justifications used in compliance but do not need to be communicated. So we should
georg: Article 23(3-h) - what is the justification here?
beatriz: Should we model the 'right' mentioned here?
discussion - no, this is a right as in the implementing act in national law
beatriz: Adding Art. 77-79 as 3 three additional rights to GDPR extension.
georg: Art.22.3 “the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision”?
harsh: 22-1 is the right, 22-3 refers to the same right
georg: 22-2 is the three justifications for 22-1
harsh: 22-3 and 22-4 are specific restrictions on the justifications in 22-2, so we don't necessarily need them as separate justifications - we can wait for case law and AG opinions to evaluate our interpreations are correct before we model them e.g. 22-4 can be justifications for use of special categories
AI Act
<ghurlbot> Issue 106 Propose concepts from the AI Act (by coolharsh55)
delaram: these are concepts from Article 3, the rest of the Act is to be modeled
georg: post from Dr. Laura who is Senior Policy Advisor at EU Parliament comparing AI Act and GDPR in terms of no of articles and recitals https://
delaram: definitions are not expected to change, clause numbering may change. Working on AIRO and VAIR at the moment, to be added here (AI Act extension) once that is done.
harsh: where do we put them in DPV vocabularies? How do we proceed? Do we take AI Act? Or go through specific topics e.g. putting AI in deployment?
delaram: would be better to look at all related concepts together in one place
beatriz: does AI system go in tech?
delaram: yes, the general concept will go in tech and the AI Act specific definition will go into the AI Act extension
harsh: interested in Annex III high-risk clause analysis, and connecting it with GDPR's DPIA. Tytti is also doing this kind of work and would be interested in this.
Next Meeting
Next meeting will be in 1 week, on WED FEB-28 15:00 WET / 16:00 CET.
Topics for discussion are updates on DPV v2, github repo and issues, rights exercise, discussion on AI Act, and Tech/AI vocabulary.