W3C

DPVCG Meeting Call

06 MAR 2024

Attendees

Present: art, beatriz, delaram, harsh, steveHickman, ted
Regrets: georg, tytti
Chair: harsh
Scribe: harsh

Meeting minutes

Meeting minutes: https://w3id.org/dpv/meetings

purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-03-06

AOB

harsh: discussion on tech/org measures

beatriz: ODRL CG alignment

New Member

steveHickman: worked on privacy at Facebook, now working on tooling for privacy by design - came across DPV recently

steveHickman: (FYI) models for privacy interest group recently started, Ann Cavoukian is part of that, may see an influx of people

ODRL Alignment

<ghurlbot> Issue 130 Alignment with ODRL (by besteves4)

beatriz: ODRL CG met last week, interest to publish a joint report

beatriz: first steps are a mapping of concepts between DPV and ODRL Information Model i.e. align it as purpose and left operand, data would be an asset and so on. And then other work can be built on top of that.

harsh: we have some existing work e.g. that by beatriz and me on this - to add to the issue

harsh: for ODRL, let me or beatriz know so we can keep you in the loop

steveHickman: assuming these would be useful to the tooling, yes this is relevant

harsh: also express interest via the GitHub issue

AI Act

<ghurlbot> Issue 106 Propose concepts from the AI Act (by coolharsh55)

<ghurlbot> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55)

Risk Assessment

delaram: risk assessment concepts in the act, documentation relevant to this is needed. For example, high-risk categorisation requires assessment for when it is not high-risk to show the risk assessment output

delaram: for the AI concepts (extension to Tech) we can use https://op.europa.eu/en/publication-detail/-/publication/28702dc2-2f21-11ed-975d-01aa75ed71a1/language-ent JRC output in addition to ISO standards

art: definition of risk in the act - difference in risk levels which say low likelihood results in medium risk but with the AI Act definition it can be unacceptable risk

harsh: risk matrix has to be built on context - one for AI Act will have severity adjusted to the Act's requirements

Related Concepts

delaram: related concepts field - should we add them?

harsh: related concepts came from link to external concepts, and then for the DPV concepts we put the concept in the comment

delaram: so we can add in related concepts such as those for BiometricAISystem where Biometric as a capability is related

Concepts for DPV

harsh: let's go through the DPV intended concepts

delaram: not ready

delaram: definition of purpose - to be updated to include AI

harsh: we updated the definition based on discussions in December so that it says "use of technology" - is this sufficient? I think we should add "technology (including AI)"

delaram: definition should say 'resource' - so it can be used for other things similar to DCAT

harsh: we limit the description to concepts within our scope e.g. only for data processing e.g. Purpose in ODRL https://www.w3.org/TR/odrl-vocab/#term-purpose is limited to ODRL context

GDPR Rights Justifications

<ghurlbot> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4)

beatriz: update to rights justifications - modelled Art.34. Added a prefix and abbreviations to the concepts to avoid long term names. Prefix "J" for justification and then abbreviate "Not Req" for not required and so on.

harsh: how do we model this? E.g. justifications in an extension, and then extend them in rights and then again in GDPR for specific clauses

beatriz: possibly, depends on how much repetition there ends up being

User-facing DPV

<ghurlbot> Issue 91 Provide guidance for implementing ISO/IEC 29184 Privacy Notice using DPV (by coolharsh55)

iain: vocabulary for the person, how/where do we start that?

harsh: we can start with the ISO 29184 fields as what information is to be provided to the individual for privacy notices and then see what labels to use for that. We can use a spreadsheet to list labels for existing concepts in DPV so that the term/IRI does not change but there is a user-intended label that can be used.

TOM concepts

harsh: dpv:ROPA is required by a DPV-using project Rob is running. We currently have it proposed. The concept already existed (was accepted) as 'Records of Processing Activities' and the proposal was to use 'ROPA' as the more common industry term for this. No in-depth discussion needed but FYI as Georg or Paul are not present here.

Resource Paper

delaram: any updates on this?

beatriz: have started with a skeleton document and yet to add contents to it; will share back for feedback once there is substantial material

Next Meeting

Next meeting will be in 1 week, on WED MAR-13 15:00 WET / 16:00 CET.

Topics for discussion are

1) Rights Justification by beatriz - we are waiting for review by Georg, Paul.

2) AI Act concepts by delaram - to complete and review Art.3 definitions and DPV intended concepts with Harsh.

3) TOMs by harsh - to resolve the proposed concepts.

4) user-facing DPV/29184 by iain - to report back on the start of the work.

Minutes manually created (not a transcript), formatted by scribe.perl version 217 (Fri Apr 7 17:23:01 2023 UTC).